On Sat, May 13, 2023 at 06:51:30PM +0800, Tom Reed via Postfix-users wrote:

> Can I set up only port 25 open to the world? If port 465/587 are filtered
> by iptables which only permit internal users to connect, does this make
> sense to external MTAs (such as google, MS's)?

You do not need to expose ports other than 25 to outside sources (you
don't have to operate anything on those ports except as needed by your
own users).

For the blocked ports, your firewall should typically reply with a TCP
RST, rather than just drop packets.  This could at least be useful on
the "ident" port:

    auth            113/tcp    ident tap    #Authentication Service

in case some "qmail" systems are still expecting it to be available.

-- 
    Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
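
The policy described in the reply above, as an added example that is not part of the original message: a small shell function that emits an iptables-restore ruleset opening port 25 to everyone, allowing 465/587 only from an internal network, and answering other connections to 113/465/587 with a TCP RST. The function name `gen_mail_rules`, the sample network `192.0.2.0/24` and the ACCEPT default policies are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore ruleset
# for "25 open to the world, 465/587 internal only, RST instead of drop".

# gen_mail_rules INTERNAL_CIDR   (hypothetical helper name)
# Prints the ruleset on stdout; returns 1 if the CIDR is malformed.
gen_mail_rules() {
    net=$1
    # Shape-check the IPv4 CIDR so a typo cannot silently widen the allow rule.
    printf '%s\n' "$net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || {
        echo "invalid CIDR: $net" >&2
        return 1
    }
    cat <<EOF
*filter
# Default policies are left at ACCEPT (assumption); the rest of the site's
# ruleset is out of scope for this example.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port 25 (MTA-to-MTA SMTP) is the only mail port open to outside sources.
-A INPUT -p tcp --dport 25 -j ACCEPT
# Ports 465/587: internal users only. This must precede the refusal below.
-A INPUT -p tcp -s $net -m multiport --dports 465,587 -j ACCEPT
# Everyone else gets a TCP RST on the blocked ports, including ident (113),
# so remote systems that probe them fail at once instead of timing out.
-A INPUT -p tcp -m multiport --dports 113,465,587 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# When run as a script with an argument, print the ruleset for that network.
if [ $# -gt 0 ]; then
    gen_mail_rules "$1"
fi
```

Review the generated rules against the host's existing ruleset before loading them; rule order matters because the internal ACCEPT has to match before the REJECT.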