Differences
This shows you the differences between two versions of the page.
howtos:network_services:postfix_dovecot_mysql:email_firewall [2015/02/15 19:20 (UTC)] – astrogeek | howtos:network_services:postfix_dovecot_mysql:email_firewall [2015/02/16 09:43 (UTC)] – First complete version astrogeek | ||
---|---|---|---|
Line 1: | Line 1: | ||
==== Firewall Rules For Virtual Mail Server ==== | ==== Firewall Rules For Virtual Mail Server ==== | ||
- | |||
- | <note important> | ||
A firewall is simply a set of kernel routing rules, iptables rules, that selectively block or allow network traffic into and out of your machine. A web facing email server must be secured by a suitable set of firewall rules or it will quickly be overwhelmed and compromised! | A firewall is simply a set of kernel routing rules, iptables rules, that selectively block or allow network traffic into and out of your machine. A web facing email server must be secured by a suitable set of firewall rules or it will quickly be overwhelmed and compromised! | ||
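Review bot: "kernel routing rules" in the first sentence of this hunk is imprecise; iptables rules are netfilter packet-filtering rules, not routing entries, so suggest "a set of kernel packet-filtering rules (iptables rules)". "Web facing" also reads as though the mail server were a web server; "Internet-facing" is the intended sense and would be clearer to a reader who is only running SMTP, IMAP and POP3.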
Line 7: | Line 5: | ||
If you already have a firewall in place for other services then you will need to add to it the rules necessary to support mail server traffic. If you do not have a firewall currently in place, then you may use the example below as a good starting point! | If you already have a firewall in place for other services then you will need to add to it the rules necessary to support mail server traffic. If you do not have a firewall currently in place, then you may use the example below as a good starting point! | ||
- | <note important> | + | <note important> |
You should first use iptables -L to check for pre-existing rules and merge those below into your existing firewall. | You should first use iptables -L to check for pre-existing rules and merge those below into your existing firewall. | ||
If you have no existing firewall and need to allow http and ssh, uncomment the liines for those also included here.</ | If you have no existing firewall and need to allow http and ssh, uncomment the liines for those also included here.</ | ||
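Review bot: the typo "liines" in the last line of the note survives in both revisions and should read "lines". The check on the previous line would be more useful as `iptables -nvL`, which avoids slow reverse DNS lookups and shows per-rule packet counters, and because `-L` lists only the filter table, anyone merging rules into an existing firewall should also run `iptables -t nat -nvL` so that pre-existing NAT rules are not overlooked.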
Line 54: | Line 52: | ||
Ports 993 and 995 provide secure Imap and Pop3, respectively. These must be open in order for your virtual users to be able to send and receive email. | Ports 993 and 995 provide secure Imap and Pop3, respectively. These must be open in order for your virtual users to be able to send and receive email. | ||
- | You may enable | + | To install |
< | < | ||
- | You may see all currently active rules like this... | + | |
+ | To see all currently active rules: | ||
< | < | ||
- | You may flush all current rules like this... | + | |
+ | To flush all current rules: | ||
< | < | ||
- | To load your firewall rules at each boot, add the following to / | + | To load your firewall rules at each boot, add the following |
< | < | ||
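Review bot: the first line of this hunk says ports 993 and 995 must be open so users can "send and receive" email, but IMAPS and POP3S are retrieval protocols only; clients send through the SMTP submission port, so this should say "receive", with sending tied to whatever submission rule the page defines. On the rc.local instruction in the last lines: rc.local runs at the end of the boot sequence, after the interfaces are already up, so the host is unfiltered for a short window on every boot; loading the rules from a hook that runs before networking is brought up closes that gap, since iptables rules do not depend on any interface being present.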
Line 73: | Line 72: | ||
fi</ | fi</ | ||
- | And make sure rc.local and the firewall rules files are executable... | + | Make sure rc.local and the firewall rules files are executable... |
< | < | ||
chmod +x / | chmod +x / |
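Review bot: `chmod +x` on the firewall rules file grants execute to every user and leaves the default read bits in place; since root executes this script on every boot, it should be owned by root and not writable by anyone else, and `chmod 700` is the usual choice so that no other account can read or alter the rule set. A quick `ls -l` on the file after the chmod confirms both the owner and the mode.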