2

After a considerable amount of research, I have configured my postfix server to use dovecot to accept SMTPS connections over port 465 and everything works swimmingly.

Unfortunately, I forgot that, unless I listen to port 25, I'm not going to receive any e-mail from the net.

I'm hoping somebody knows off the top of their head how to open up port 25 on Postfix for anonymous users, but disallow relaying and any other bad things on that port. And to leave the port 465 the way it is.

As to my current configuration, I changed the master.cf file:

    smtps inet n - n - - smtpd

and the main.cf file:

    # Use our SSL certificates
    smtpd_tls_cert_file = .....cer
    smtpd_tls_key_file = .....key
    smtpd_tls_security_level = may

    # Use Dovecot for SASL authentication
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,
        reject_unauth_destination

Any help is appreciated!

1
  • How much did you change in main.cf? By default it allows port 25. It would be useful if you posted your complete main.cf and output of postconf -n. Commented Jun 22, 2012 at 19:44

1 Answer

3

ADD (and do not replace) the following line to master.conf to enable 25 again

    smtp inet n - n - - smtpd

Relay-control is done in main.cf, so you may want to use something like that:

    smtpd_client_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_pipelining
        check_client_access hash:/etc/postfix/policyd_weight_client_whitelist
        check_recipient_access hash:/etc/postfix/policyd_weight_recipient_whitelist
        check_policy_service inet:127.0.0.1:12525

The last line is for amavis. Anyway, smtpd_client_restrictions is what you are looking for, and here is a more precise URL: http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from

2
  • Thanks! It ends up that all I had to do was add the line to master.conf that allows Postfix to listen to SMTP. Commented Jun 25, 2012 at 20:52
  • 1
    The documentation you linked to suggested that the restriction "reject_unauth_destination" does exactly what I was looking for, namely "allow Postfix to be the final destination, but not a relay". Commented Jun 25, 2012 at 21:09
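
A static check for the relay rule discussed in this thread, as an added example that is not part of the original posts: it parses main.cf text and walks smtpd_recipient_restrictions left to right to see whether reject_unauth_destination (or an equivalent guard) is reached before anything that could permit an arbitrary client. The sample configurations are constructed (the first from the settings in the question), the function names are hypothetical, and a "review" result means a lookup table or other permit has to be checked by hand.

```python
import re

# Restrictions after which no unauthorised relaying is possible.
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination",
                "reject", "defer"}
# Permits limited to trusted or authenticated clients; safe ahead of a guard.
SCOPED_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}

# Constructed samples: PAGE_CF mirrors the question, WEAK_CF is a bad variant.
PAGE_CF = """
# Use Dovecot for SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_unauth_destination
"""
WEAK_CF = "smtpd_recipient_restrictions = permit_sasl_authenticated, permit\n"


def parse_main_cf(text):
    """Parse main.cf text into {name: value}, joining continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if line[0].isspace() and name:
            params[name] += " " + line.strip()  # continues the previous value
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params


def relay_status(params, key="smtpd_recipient_restrictions"):
    """Walk the list left to right until relaying is decided."""
    if key not in params:
        return "unset: built-in default applies, check postconf -d"
    for tok in filter(None, re.split(r"[,\s]+", params[key])):
        if tok in RELAY_GUARDS:
            return "closed"
        if tok == "permit":
            return "open: bare permit precedes any relay guard"
        if tok.startswith(("check_", "permit_")) and tok not in SCOPED_PERMITS:
            return "review: %s may permit before a guard is reached" % tok
    return "open: no relay guard in " + key


if __name__ == "__main__":
    for label, text in (("page", PAGE_CF), ("weak", WEAK_CF)):
        print(label, "->", relay_status(parse_main_cf(text)))
```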
