On a default install, Postfix listens on all interfaces/IP addresses on your machine. Sometimes this is not what you want. For example, the computer may be connected directly to the internet on one network interface and to a LAN on another, and you may want the SMTP server to handle internal mail only, without being reachable from the internet. You can do this by telling Postfix to listen only on the internal address (as well as localhost).
The example below limits SMTP access to localhost only, so no other computers on the network can access it.
This configuration is done in the main.cf configuration file. Edit it in your editor of choice.
$ sudo nano /etc/postfix/main.cf
Find the following configuration option in the file:
inet_interfaces = all
Either comment this line out and duplicate it underneath, or simply modify the line. I chose to comment and duplicate the line in case I needed to change it back.
Modify the ‘all’ text to contain a list of IP addresses, separated by commas, that you want Postfix to listen on.
#inet_interfaces = all
inet_interfaces = 127.0.0.1
Save the file, and exit the editor.
Restart Postfix to activate these changes.
$ sudo /etc/init.d/postfix restart
You can now issue the ‘netstat -an’ command and see that Postfix is listening on port 25 only on the specific IPs you configured, instead of 0.0.0.0.
The netstat output would look something like this for my example:
$ netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
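The two checks above (which inet_interfaces line is in effect after a comment-and-duplicate edit, and whether port 25 is still reachable on a non-loopback address) can be scripted. This is an added example, not part of the original post: the function names are hypothetical, the sample inputs are constructed, and the listener check assumes the Linux netstat column layout shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit helpers for the change above.

# Read main.cf text on stdin and print the inet_interfaces value Postfix will use.
# Commented-out lines are skipped, the last assignment wins, and lines starting
# with whitespace continue the previous parameter. With no assignment at all,
# the built-in default "all" is reported.
effective_inet_interfaces() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        { cur = 0 }
        /^inet_interfaces[ \t]*=/ {
            cur = 1; found = 1; val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
        }
        END { sub(/[ \t]+$/, "", val); print (found ? val : "all") }
    '
}

# Read Linux-style "netstat -an" output on stdin and print every TCP listener on
# port 25 that is not bound to a loopback address (empty output = nothing exposed).
exposed_smtp_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /:25$/ &&
         $4 !~ /^127\./ && $4 !~ /^::1:/ { print $4 }'
}

# Constructed sample input: main.cf edited the comment-and-duplicate way.
effective_inet_interfaces <<'EOF'
#inet_interfaces = all
inet_interfaces = 127.0.0.1
EOF

# Constructed sample input: netstat lines from a host still listening on all addresses.
exposed_smtp_listeners <<'EOF'
tcp        0      0 0.0.0.0:25        0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:631     0.0.0.0:*        LISTEN
EOF
```

On a real host, feed the functions live data with `effective_inet_interfaces < /etc/postfix/main.cf` and `netstat -an | exposed_smtp_listeners`.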
More information on the inet_interfaces syntax is available here:
Excellent – worked with an old release of Postfix on Solaris 9 (no IPTables to block port 25). How old? Don’t know, but the startup script doesn’t even have the restart option.