Outbound Port 25 for Postfix only in Firewall

latifolia
Posts: 42
Joined: Wed 18. Aug 2021, 09:08

Outbound Port 25 for Postfix only in Firewall

Post by latifolia »

Hello,

We have a plan to reduce possible spam initiated from our server to the outside world by limiting access to outbound port 25 to Postfix only, with this kind of code in the firewall:

iptables -I OUTPUT -m owner ! --uid-owner postfix -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp-admin-prohibited

Is that okay or will there be problems with the KeyHelp configuration?

We plan to add it manually via a custom script since we cannot add it through the KeyHelp Firewall GUI (or do you know how to do it there?).

Need your opinion
Tobi
Community Moderator
Posts: 2812
Joined: Thu 5. Jan 2017, 13:24

Re: Outbound Port 25 for Postfix only in Firewall

Post by Tobi »

Spam initiated by your server?

Either you have an open relay or one of your users is responsible for the spam.

IMHO blocking port 25 will not solve the issue.
Regards,
Tobi


-----------------------------
wewoco.de
The forum for resellers, digital agencies, screen workers and mouse pushers
latifolia
Posts: 42
Joined: Wed 18. Aug 2021, 09:08

Re: Outbound Port 25 for Postfix only in Firewall

Post by latifolia »

There is no spam... yet. It is planned in anticipation, so we need an opinion on whether the plan is feasible or not.

Most spam that originates from scripts going through Postfix can be handled accordingly; the problem lies in unknown scripts accessing outbound port 25, bypassing Postfix as the MTA.

Thus, we are trying to limit access to outbound port 25 to Postfix only, to limit the possible spam initiated.

Also, it would be fantastic to have a Firewall GUI which can have matches in rules, like the code above.
Alexander
Keyweb AG
Posts: 3810
Joined: Wed 20. Jan 2016, 02:23

Re: Outbound Port 25 for Postfix only in Firewall

Post by Alexander »

latifolia wrote: Wed 18. Aug 2021, 09:15 Is that okay or will there be problems with the KeyHelp configuration?

We plan to add it manually via a custom script since we cannot add it through the KeyHelp Firewall GUI (or do you know how to do it there?).

If you would like to use rules which cannot be built via the KeyHelp UI, I would advise turning off the KeyHelp firewall and managing the rules completely on your own.
This way, your custom rules cannot be accidentally overwritten when you use the KeyHelp firewall UI. Also, the custom rules will not survive a server reboot if the KeyHelp Firewall is still active.
Best regards
Alexander Mahr

**************************************************************
Keyweb AG - The Hosting Brand
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
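
An added example, not part of the thread and not KeyHelp's own code: one way to manage the posted restriction yourself, as an idempotent script covering IPv4 and IPv6. The chain name `SMTP_OUT`, the `DRY_RUN` switch, the loopback exception (so local applications can still hand mail to Postfix on localhost port 25) and the rate-limited LOG rule are assumptions that go beyond the rule posted above.

```shell
#!/bin/sh
# Added example (not from the thread): allow outbound TCP/25 only for the MTA user.
MTA_USER="${MTA_USER:-postfix}"   # account name used in the thread's rule
CHAIN="SMTP_OUT"                  # hypothetical chain name

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Build the chain for one address family ($1 = binary, $2 = reject type).
install_family() {
    bin="$1"; reject="$2"
    # Create the chain if it is missing, then flush it so re-runs do not stack rules.
    run "$bin" -w -N "$CHAIN" 2>/dev/null || true
    run "$bin" -w -F "$CHAIN"
    # Assumption beyond the posted rule: keep loopback open so local
    # applications can still submit mail to Postfix on localhost:25.
    run "$bin" -w -A "$CHAIN" -o lo -j RETURN
    # Sockets owned by the MTA user may leave on port 25.
    run "$bin" -w -A "$CHAIN" -m owner --uid-owner "$MTA_USER" -j RETURN
    # Record the UID of whatever else tried, rate-limited to protect the log.
    run "$bin" -w -A "$CHAIN" -m limit --limit 6/min -j LOG --log-prefix "smtp-out-blocked:" --log-uid
    run "$bin" -w -A "$CHAIN" -j REJECT --reject-with "$reject"
    # Hook the chain into OUTPUT only if the jump is not already present.
    if [ "${DRY_RUN:-0}" = 1 ] || ! "$bin" -w -C OUTPUT -p tcp --dport 25 -j "$CHAIN" 2>/dev/null; then
        run "$bin" -w -I OUTPUT -p tcp --dport 25 -j "$CHAIN"
    fi
}

install_all() {
    install_family iptables  icmp-admin-prohibited
    install_family ip6tables icmp6-adm-prohibited
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then install_all; fi
```

Running it with `DRY_RUN=1` and `--apply` prints the commands without touching the firewall. The rules live only in kernel memory, so the script has to be run again after each reboot.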