Outside entities always seem to find a Postfix server in a matter of hours (or sometimes minutes) after it is set up. Seeing as how I only need Postfix to forward messages to me that Dovecot will be receiving, and I have no intention to use SMTP from an external IP, I would like to limit Postfix to only be able to send emails from its internal IP.
I checked the following two options in the “SMTP Client Restrictions” area in the Postfix Server module:
Allow connections from same network
Allow connections from this system
The expected behaviour is that any attempt to send mail from an external source would be denied.
Looking at /var/log/mail.log, I am still seeing that it is considering requests from those pesky IPs (albeit denying every one of them).
So far as I can say, there are many ways to achieve your desired situation. The easiest one is to put your local network subnet into “mynetworks” and set “smtpd_relay_restrictions = permit_mynetworks”. This will restrict Postfix to relay only emails from your subnet.
This seems similar to the fail2ban thread. The system still has to process the request to see if it is valid. But, if there is no inbound, block the port in your firewall.
No, this did not work… It happily accepted my email (albeit with correct SMTP authentication). The problem is that you can’t use firewalls to do this AFAIK, because you need port 25 wide open for the initial negotiation.
Eh, not a big deal… I guess I’ll put up with those irritating brute force attackers.
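An added example, not written by anyone in the thread: a small Python audit of smtpd log lines that separates external probes that were rejected from any external client whose mail was actually accepted, which is the distinction the posts above turn on. The internal ranges and the sample log lines are constructed assumptions; the line shapes follow the usual Postfix smtpd syslog output.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the internal ranges you would list in mynetworks.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

# Constructed sample lines in the usual Postfix smtpd syslog format.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Mar  3 10:00:02 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  3 10:00:05 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=ESMTP helo=<h>
Mar  3 10:01:00 mx postfix/smtpd[2103]: 4F1A22C0B1: client=unknown[203.0.113.50], sasl_method=PLAIN, sasl_username=me@example.com
Mar  3 10:02:00 mx postfix/smtpd[2104]: 5A2B33D1C2: client=localhost[127.0.0.1]
"""

IP = r"\[([0-9A-Fa-f:.]+)\]"  # client address as logged, IPv4 or IPv6
RULES = {
    "rejected": re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S+?" + IP),
    "sasl_failed": re.compile(r"postfix/smtpd\[\d+\]: warning: \S+?" + IP + r": SASL \S+ authentication failed"),
    # A queue ID followed by client= means the message was accepted into the queue.
    "accepted": re.compile(r"postfix/smtpd\[\d+\]: \w+: client=\S+?" + IP + r"(?:.*sasl_username=(\S+))?"),
}

def is_internal(ip, networks=MYNETWORKS):
    """True if the address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def audit(log_text, networks=MYNETWORKS):
    """Summarise smtpd events from clients outside the trusted networks."""
    report = {"rejected": Counter(), "sasl_failed": Counter(), "accepted": []}
    for line in log_text.splitlines():
        for kind, rule in RULES.items():
            m = rule.search(line)
            if not m or is_internal(m.group(1), networks):
                continue
            if kind == "accepted":
                # Keep the SASL user (or None) so authenticated sends stand out.
                report[kind].append((m.group(1), m.group(2)))
            else:
                report[kind][m.group(1)] += 1
    return report

if __name__ == "__main__":
    for kind, value in audit(SAMPLE_LOG).items():
        print(kind, dict(value) if isinstance(value, Counter) else value)
```

An empty `accepted` list means every external attempt in the log was refused; an entry with a SASL username is an authenticated submission from outside, like the test message described in the thread.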