In a nutshell, you'll want to prevent unprivileged traffic going to your SMTP port(s). In other words, write firewall (iptables) rules to allow only authorized clients to use them - if the RT machine is the only machine that will be using the service, then you can drop anything and everything coming to the SMTP port(s) on external interfaces like eth0, eth1 and so forth. If you're unfamiliar with iptables, fwbuilder is a gui tool than can ease the transition. You'll still need to do some reading though.<div>
<br></div><div>It may also be possible to configure postfix to only listen on the loopback interface, or only listen to localhost, but I don't know offhand about that.<br clear="all"><br>Regards,<br><br>Stephen J Alexander<br>
MPBX, LLC<br><a href="http://mpbx.com" target="_blank">http://mpbx.com</a><br>832-713-6729<br>
<br><br><div class="gmail_quote">On Tue, May 22, 2012 at 1:48 AM, Scott Sjodin <span dir="ltr"><<a href="mailto:scott.sjodin@gmail.com" target="_blank">scott.sjodin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks Dave, I followed your advice and have postfix sending mail for me.<div><br></div><div>This article helped a ton:
<a href="http://www.howtoforge.com/postfix_relaying_through_another_mailserver" target="_blank">http://www.howtoforge.com/postfix_relaying_through_another_mailserver</a> </div><div><br></div><div>Any advice on setting up security to prevent an open relay on my server?</div>
<div><br></div><div>Thanks,</div><div><br></div><div>Scott<br><br><div class="gmail_quote">On Mon, May 21, 2012 at 8:03 PM, Dave Burgess <span dir="ltr"><<a href="mailto:burgess@cynjut.com" target="_blank">burgess@cynjut.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
In order to relay through a mail server, you either need to be
sending mail to someone on that server, or have authorization.<br>
<br>
There are thousands of posts on setting up Postfix for relaying.<br>
<br>
Basically, you need to "sign in" to the mail server you want to use
using some kind of authentication protocol. This will depend
largely on the configuration of the server.<br>
<br>
Since you are running PostFix, you can skip that step altogether and
set up Postfix to send mail out directly to the recipient. This
would probably be much easier in the long run. Just be sure to set
up your own security so that no one can use you as an open relay.<br>
<br>
Dave<div><div class="h5"><div><div><br>
<br>
<br>
On 5/20/2012 8:40 AM, Scott Sjodin wrote:
<blockquote type="cite">Hi all,
<div><br>
</div>
<div>If you recall (you probably don't) I was attempting to use
msmtp to send mail with my new RT 4.0.5 install. I have since
abandoned those efforts and am now attempting to use Postfix to
do so. Fetchmail is working fine, and I've followed the steps
outlined in several install guides for setting up postfix to
send mail (I can post my <a href="http://main.cf" target="_blank">main.cf</a> file for reference if
requested).</div>
<div><br>
</div>
<div>I am getting much further with Postfix already, but am still
unable to send mail. When I look in /var/log/syslog I see the
following after attempting to send a test message:</div>
<div><br>
</div>
<div>
<div>
May 20 06:35:08 Galactica postfix/smtp[14385]: C9F539019A:
to=<<a href="mailto:scott.sjodin@gmail.com" target="_blank">scott.sjodin@gmail.com</a>>,
relay=<a href="http://smtp.mailanyone.net" target="_blank">smtp.mailanyone.net</a>[72.35.23.195]:25,
delay=0.53, delays=0.03/0.01/0.39/0.11, dsn=5.0.0,
status=bounced (host <a href="http://smtp.mailanyone.net" target="_blank">smtp.mailanyone.net</a>[72.35.23.195]
said: 550 relay not permitted (in reply to RCPT TO command))</div>
</div>
<div><br>
</div>
<div>Any ideas? I'm at a loss here. </div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>Scott</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</blockquote>
<br>
<br>
</div></div></div></div><span class="HOEnZb"><font color="#888888"><span><font color="#888888"><pre cols="72">--
Dave Burgess
Manager
Cynjut Consulting Services, LLC
<a href="tel:402-403-4434" value="+14024034434" target="_blank">402-403-4434</a> (Phone, FAX, and Cell)</pre>
</font></span></font></span></div>
</blockquote></div><br></div>
</blockquote></div><br></div>