Linode Forum :: How best to configure the Firewall for Postfix, Dovecot

# Allow Email connections from anywhere.
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

I've created an email server following the instructions in https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql.

I noticed in the tutorial that it said to open up all the standard email ports in your firewall, but the tutorial also later had you disable non-ssl imap and pop. I was wondering, if I have non-ssl email disabled, do I really need to open all the ports or just the SSL ones? If so, why?

Also, is there a more correct way to open the ports than just this:

Code:

#  Allow Email connections from anywhere.
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

Sorry, if that's a bit of a newb question. I'm really more of a software developer, and I've somehow found myself in a sysadmin role.

Author:	dylankarr [ Thu Feb 06, 2014 1:35 pm ]
Post subject:	How best to configure the Firewall for Postfix, Dovecot
I've created an email server following the instructions in https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql. I noticed in the tutorial that it said to open up all the standard email ports in your firewall, but the tutorial also later had you disable non-ssl imap and pop. I was wondering, if I have non-ssl email disabled, do I really need to open all the ports or just the SSL ones? If so, why? Also, is there a more correct way to open the ports than just this: Code: # Allow Email connections from anywhere. -A INPUT -p tcp --dport 25 -j ACCEPT -A INPUT -p tcp --dport 465 -j ACCEPT -A INPUT -p tcp --dport 587 -j ACCEPT -A INPUT -p tcp --dport 110 -j ACCEPT -A INPUT -p tcp --dport 995 -j ACCEPT -A INPUT -p tcp --dport 143 -j ACCEPT -A INPUT -p tcp --dport 993 -j ACCEPT Sorry, if that's a bit of a newb question. I'm really more of a software developer, and I've somehow found myself in a sysadmin role.

Author:	jebblue [ Thu Feb 06, 2014 3:03 pm ]
Post subject:	Re: How best to configure the Firewall for Postfix, Dovecot
dylankarr wrote: I've created an email server following the instructions in https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql. I noticed in the tutorial that it said to open up all the standard email ports in your firewall, but the tutorial also later had you disable non-ssl imap and pop. I was wondering, if I have non-ssl email disabled, do I really need to open all the ports or just the SSL ones? If so, why? Also, is there a more correct way to open the ports than just this: Code: # Allow Email connections from anywhere. -A INPUT -p tcp --dport 25 -j ACCEPT -A INPUT -p tcp --dport 465 -j ACCEPT -A INPUT -p tcp --dport 587 -j ACCEPT -A INPUT -p tcp --dport 110 -j ACCEPT -A INPUT -p tcp --dport 995 -j ACCEPT -A INPUT -p tcp --dport 143 -j ACCEPT -A INPUT -p tcp --dport 993 -j ACCEPT Sorry, if that's a bit of a newb question. I'm really more of a software developer, and I've somehow found myself in a sysadmin role. You're right, just keep the ones open that are needed, no reason to make your attack surface bigger if it doesn't serve a purpose.

Author:	dylankarr [ Thu Feb 06, 2014 4:37 pm ]
Post subject:	Re: How best to configure the Firewall for Postfix, Dovecot
So, just for future reference for other people that follow this tutorial, is it right that this is how the firewall should be setup? Code: # Allow SSL Email connections from anywhere. -A INPUT -p tcp --dport 465 -j ACCEPT -A INPUT -p tcp --dport 587 -j ACCEPT -A INPUT -p tcp --dport 995 -j ACCEPT -A INPUT -p tcp --dport 993 -j ACCEPT

Linode Forum https://forum.linode.com/

How best to configure the Firewall for Postfix, Dovecot https://forum.linode.com/viewtopic.php?f=11&t=10829	Page 1 of 1

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/