Postfix: What does "inet_interfaces" exactly mean?

I'm installing a Postfix server and some people say that I have to change inet_interfaces = all to inet_interfaces = loopback-only.

So now I am wondering, what does inet_interfaces exactly mean (and what is it doing) and what's the difference between all and loopback-only?


From the manpage

inet_interfaces (default: all)

The network interface addresses that this mail system receives mail on. Specify "all" to receive mail on all network interfaces (default), and "loopback-only" to receive mail on loopback network interfaces only (Postfix version 2.2 and later). The parameter also controls delivery of mail to user@[ip.address].

Note 1: you need to stop and start Postfix when this parameter changes.

Note 2: address information may be enclosed inside [], but this form is not required here.

When inet_interfaces specifies just one IPv4 and/or IPv6 address that is not a loopback address, the Postfix SMTP client will use this address as the IP source address for outbound mail. Support for IPv6 is available in Postfix version 2.2 and later.

On a multi-homed firewall with separate Postfix instances listening on the "inside" and "outside" interfaces, this can prevent each instance from being able to reach remote SMTP servers on the "other side" of the firewall. Setting smtp_bind_address to 0.0.0.0 avoids the potential problem for IPv4, and setting smtp_bind_address6 to :: solves the problem for IPv6.

A better solution for multi-homed firewalls is to leave inet_interfaces at the default value and instead use explicit IP addresses in the master.cf SMTP server definitions. This preserves the Postfix SMTP client's loop detection, by ensuring that each side of the firewall knows that the other IP address is still the same host. Setting $inet_interfaces to a single IPv4 and/or IPV6 address is primarily useful with virtual hosting of domains on secondary IP addresses, when each IP address serves a different domain (and has a different $myhostname setting).

See also the proxy_interfaces parameter, for network addresses that are forwarded to Postfix by way of a proxy or address translator.

Examples:

inet_interfaces = all (DEFAULT)
inet_interfaces = loopback-only (Postfix version 2.2 and later)
inet_interfaces = 127.0.0.1
inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
inet_interfaces = 192.168.1.2, 127.0.0.1

When is this useful?

You can manipulate the master.cf file and bind port 25 to multiple IP addresses to have slightly different configurations.

When would I use loopback-only?

When you want to use Postfix simply to queue emails for your application to be forwarded to another email system. Handling SMTP in an app is easy; handling queues, delays and encryption is less easy. Many devs will add Postfix to handle this for you, similarly to using nginx for SSL.

This also protects systems that do not additionally have a firewall (CentOS vs Ubuntu) against other localnet systems using your relay to spam/phish.

You would not use this setting in Docker, as you'd generally link the containers with docker-compose and would not want to make this change as it is no longer local only.
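To check which case a given host is in, the sketch below reads main.cf text and reports whether the effective inet_interfaces value is all, loopback-only, or includes a non-loopback address. It is an added example, not part of the original answer or of Postfix; the function names and the sample file are constructed for illustration, and it assumes no master.cf overrides and does not expand hostnames or $variables.

```python
import ipaddress

# Constructed sample main.cf (not from the page): the later assignment wins,
# and a line starting with whitespace continues the previous logical line.
SAMPLE_MAIN_CF = """\
# relay host for the local app
myhostname = app01.example.com
inet_interfaces = all
inet_interfaces = 127.0.0.1,
    [::1]
"""

def effective_value(main_cf_text, name="inet_interfaces", default="all"):
    """Return the last setting of `name`; fall back to the documented default."""
    params, current = {}, None
    for raw in main_cf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if raw[0].isspace() and current:      # continuation of the previous line
            params[current] += " " + raw.strip()
            continue
        key, sep, value = raw.partition("=")
        if sep:
            current = key.strip()
            params[current] = value.strip()   # a later assignment replaces an earlier one
    return params.get(name, default)

def classify(value):
    """Map a value to 'all', 'loopback-only', 'exposed' or 'unknown'."""
    tokens = value.replace(",", " ").split()
    if not tokens:
        return "unknown"
    if tokens == ["all"]:
        return "all"
    if tokens == ["loopback-only"]:
        return "loopback-only"
    exposed = False
    for tok in tokens:
        try:
            addr = ipaddress.ip_address(tok.strip("[]"))  # [] around an address is optional
        except ValueError:
            return "unknown"                  # hostname or $variable: not resolved here
        exposed = exposed or not addr.is_loopback
    return "exposed" if exposed else "loopback-only"

if __name__ == "__main__":
    value = effective_value(SAMPLE_MAIN_CF)
    print(f"inet_interfaces = {value!r} -> {classify(value)}")
```

A result of "all" or "exposed" means the SMTP listener is reachable from other hosts unless a firewall or master.cf binding says otherwise.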