
I run a small (CentOS 7) mail server at home and I would like to attach ports to a domain name instead of opening up for every incoming connection of the server-IP. Currently, when I open up port 25/993/587 in FirewallD, it opens up to everyone. So when I point a domain name to my server IP, all ports will be opened up. I currently use mail.example.com, but what I would like to achieve is:

smtp.mail.example.com -> 25
imaps.mail.example.com -> 993

... And so on. I have no idea if or how this is possible and I know that it is not necessary for the functioning of my mail server, but it's interesting from a sanity perspective and can be useful for other situations when you combine webhosting and mail hosting on the same server since a mail server doesn't need port 80/443 and a web server doesn't need 25/993 and so on.

I am aware of SRV records, but that still leaves all ports open when you use the same IP.

Franc

1 Answer

That's not possible; the machine receiving the connection has no knowledge* of what hostname the remote machine resolved to its IP address in order to reach it.

It works with HTTP/HTTPS because the HTTP protocol includes the hostname as part of the request. Neither SMTP nor IMAP include that information in the request.

*The only exception to this is if the connection is using TLS and contains an SNI header which will contain the hostname the remote machine wants to connect to. So it may be possible the imaps

hardillb