
I have configured Postfix + Dovecot on Debian 10. I have installed a web server to have webmail with Roundcube.

I don't want anyone other than Roundcube to be able to use mail services, so I'm only exposing SMTP ports 25 and 587 to the internet.

How can I configure Postfix to not allow login attempts from the internet?

1 Answer

If you use the SMTP port 25 for unauthenticated incoming mail and configure the submission port 587 separately for (outbound) authenticated mail, you could make it only listen on local loopback.

In the master.cf you have a separate section, another instance of smtpd for the submission:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
submission inet n       -       y       -       -       smtpd

You could modify this line into:

127.0.0.1:submission inet n -   y       -       -       smtpd

(According to master(5) it seems inet_interfaces = loopback-only is only available on the main.cf. This would mean you can only configure it globally and not per process with -o in master.cf.)

Esa Jokinen
  • In the end I have done what you say, submission in local and smtp on the internet with 'smtp_sasl_auth_enable = no'. What seems strange to me is that there is no configuration of smtpd itself to disable remote authentication. – user1814720 Apr 05 '21 at 21:37
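
A way to check the result of the master.cf change described in the answer, as an added example that is not part of the original answer or comment: it parses master.cf text and lists every `inet` `smtpd` service that would offer SASL authentication on a non-loopback address. The sample file, the function names and the `global_sasl` parameter (standing in for the main.cf value of `smtpd_sasl_auth_enable`) are assumptions made for the example.

```python
import ipaddress

# Constructed sample master.cf, not taken from the page.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=no
127.0.0.1:submission inet n -   y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) to their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def exposed_sasl_listeners(text, global_sasl=False):
    """List inet smtpd services that offer SASL AUTH on a non-loopback bind.
    global_sasl stands in for main.cf's smtpd_sasl_auth_enable (assumed input).
    Only the plain '-o name=value' override form is parsed."""
    findings = []
    for entry in logical_lines(text):
        f = entry.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        host, _, _port = f[0].rpartition(":")
        sasl = global_sasl
        for flag, opt in zip(f[8:], f[9:]):
            key, _, val = opt.partition("=")
            if flag == "-o" and key == "smtpd_sasl_auth_enable":
                sasl = val.lower() == "yes"
        if sasl and not (host and is_loopback(host)):
            findings.append(f[0])
    return findings
```

An empty list for the deployed file means no internet-facing listener advertises AUTH; here the constructed sample reports only `smtps`.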