- Make sure the Postfix is running with non-root account:
ps aux | grep postfix | grep -v '^root' - Change permissions and ownership on the destinations below:
chmod 755 /etc/postfix chmod 644 /etc/postfix/*.cf chmod 755 /etc/postfix/postfix-script* chmod 755 /var/spool/postfix chown root:root /var/log/mail* chmod 600 /var/log/mail* - Edit using VI, the file /etc/postfix/main.cf and add make the following changes:
- Modify the myhostname value to correspond to the external fully qualified domain name (FQDN) of the Postfix server, for example:
myhostname = myserver.example.com - Configure network interface addresses that the Postfix service should listen on, for example:
inet_interfaces = 192.168.1.1 - Configure Trusted Networks, for example:
mynetworks = 10.0.0.0/16, 192.168.1.0/24, 127.0.0.1 - Configure the SMTP server to masquerade outgoing emails as coming from your DNS domain, for example:
myorigin = example.com - Configure the SMTP domain destination, for example:
mydomain = example.com - Configure to which SMTP domains to relay messages to, for example:
relay_domains = example.com - Configure SMTP Greeting Banner:
smtpd_banner = $myhostname - Limit Denial of Service Attacks:
default_process_limit = 100 smtpd_client_connection_count_limit = 10 smtpd_client_connection_rate_limit = 30 queue_minfree = 20971520 header_size_limit = 51200 message_size_limit = 10485760 smtpd_recipient_limit = 100
- Modify the myhostname value to correspond to the external fully qualified domain name (FQDN) of the Postfix server, for example:
- Restart the Postfix daemon:
service postfix restart
Hardening guide for Postfix 2.x
·188 words·1 min