Does postfix need to be secured before it's safe to run it on a production server?
I rely on Monit to notify me if certain processes are down or in trouble. For this purpose and this purpose only, I need postfix on the server so that Monit can send me email notifications.
If it's necessary to secure Postfix before deploying it, what are some steps I can take to make it safer?
It's an interesting question, given that you are using it just to send email hence it shouldn't be accepting incoming connections... So other than just regular good security practice it's no big deal (personally I would secure it anyway).
But in your particular case, it is irrelevant as you don't need a mail server running on your server to just send email - use your regular mail server.
