Securing Postfix

Postfix is a replacement for Sendmail which has several security advantages over Sendmail. Postfix consists of several small programs that perform their own small task. And almost all programs run in a chroot jail. These are just a few examples why Postfix is recommended over Sendmail. For more information on chroot jail, see Using Chroot Securely.
Linux servers that are not dedicated mail or relay servers should not accept external emails. However, it is important for production servers to send local emails to a relay server.

Before you continue on a Red Hat system, make sure Postfix is activated using the following command:

# alternatives --set mta /usr/sbin/sendmail.postfix


The following parameters in /etc/postfix/main.cf should be set to ensure that Postfix accepts only local emails for delivery:

mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces = localhost

The parameter mydestination lists all domains to receive emails for.
The parameter inet_interfaces specifies the network to liston on.

Once you've configured Postfix, restart the mail system with the following command:

# /etc/init.d/postfix restart


To verify whether Postfix is still listening for incoming network request, you can run one of the following commands from another node:

# nmap -sT -p 25
# telnet 25

Don't run these commands on the local host since Postfix is supposed to accept connections from the local node.

If you believe that I should cover other parameter(s) or if you think that other parameter(s) should explicitly be set/changed for local mail delivery, please drop me an email.