Sources:
- AnandraJPandey’s blog
- Postfix manual
- StackExchange
- Old Postfix manual
- Postfix documentation on access lists
- MailTrap
Even if you skipped the previous step, all you need to do is set the following directives to secure your Postfix. I have provided comments for each to shed some light on what each item does. An unsecured Postfix can receive spam, because it does not properly check who the sender of incoming mail is. It also does not check who is sending from your end, which means someone else could use your mail server to send spam out.
- Edit Postfix’s main configuration file:

```
sudo nano /etc/postfix/main.cf

# Find this directive and match it to the following:
smtpd_sender_restrictions = reject_sender_login_mismatch, reject_non_fqdn_sender, reject_unlisted_sender, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_helo_hostname, reject_unknown_sender_domain, reject_unauth_pipelining

# Add a new directive that verifies the client (i.e. the connecting host) as well:
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# Exit nano and reload the config
sudo systemctl reload postfix
```
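Postfix applies a restriction list in order and the first restriction that matches wins, so the position of the `permit_*` entries decides which clients each `reject_*` in that list applies to. The script below is an added example, not part of the original post; its function names are hypothetical and it assumes a comma-separated list like the ones above.

```shell
#!/bin/sh
# Added example (not from the original post). Within one restriction list,
# Postfix stops at the first restriction that matches, so entries listed
# after a permit_* are never reached by clients that the permit_* matches.
# Assumption: the list is comma-separated, as in the main.cf lines above.

# Constructed sample: the smtpd_sender_restrictions value from this page.
SENDER_LIST='reject_sender_login_mismatch, reject_non_fqdn_sender, reject_unlisted_sender, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_helo_hostname, reject_unknown_sender_domain, reject_unauth_pipelining'

# Print one restriction per line, trimmed, with empty entries dropped.
split_list() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Restrictions every client is subject to: those before the first permit_*.
checks_for_all_clients() {
    split_list "$1" | awk '/^permit_/ { seen = 1 } !seen { print }'
}

# Restrictions skipped by a client that the first permit_* matches.
checks_skipped_after_permit() {
    split_list "$1" | awk '/^permit_/ { seen = 1; next } seen { print }'
}

# Report for one list; on a live server pass "$(postconf -h <directive>)".
report() {
    echo "Applied to every client:"
    checks_for_all_clients "$1" | sed 's/^/  /'
    echo "Not reached once a permit_* matches:"
    checks_skipped_after_permit "$1" | sed 's/^/  /'
}

report "$SENDER_LIST"
```

For the list on this page, the HELO, sender-domain and pipelining checks sit after both `permit_*` entries, so within this list they are only evaluated for clients that are neither in `mynetworks` nor SASL-authenticated.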