Welcome to the Linux Foundation Forum!

Postfix Configuration (Chapter 9, Email Servers)

Hi:
The lab 9.1 solution indicates I should

Enable Postfix to listen on all interfaces: # postconf -e "inet_interfaces = all"

but the /etc/posftfix/main.cf and http://www.postfix.org/postconf.5.html#inet_interfaces indicate the default settings is to allow email on all interfaces. Why is this change needed?

Comments

  • tncummings
    tncummings Posts: 16

    If I'm not mistaken in the above, a Knowledge Check question #9.4 should also be updated.

  • lee42x
    lee42x Posts: 380

    Most distributions set the listener off by default so when installing, if you do not specifically alter the listener it could leave your system exposed to bad actors.

  • tncummings
    tncummings Posts: 16

    Thanks for the response. Can you provide an example of a distribution that changes the default setting?

  • tncummings
    tncummings Posts: 16

    I checked this on Debian 10, Ubuntu 20.04, and Fedora 34. The Debian install left the inet_interfaces setting commented out in the /etc/postfix/main.cf.proto file. The actual main.cf file that was created during the install was nearly empty. The Debian Administrator's Handbook also provides an example main.cf file with inet_interfaces=all as the setting.

    Ubuntu 20.04 LTS and Fedora 34 installed Postfix with inet_interfaces=all set in the default main.cf file.

    This has been my experience. While the inet_interfaces=all setting may be a reasonable precautionary step to take, the Knowledge Check question #9.4 answer appears to be inaccurate.

  • lee42x
    lee42x Posts: 380

    Yes, you are correct, the default seems to be set to all network interfaces. The lab will get changed to "verify and change if necessary."

    Thank you for pointing this out.
    Lee

  • tncummings
    tncummings Posts: 16

    Thanks for resolving this question for me!

  • @lee42x said:
    Yes, you are correct, the default seems to be set to all network interfaces. The lab will get changed to "verify and change if necessary."

    Thank you for pointing this out.
    Lee

    There's still another issue with this lab - it states:

    Verify postfix is listening on the network interfaces.
    # postconf -d "inet_interfaces"

    This led me on a goose chase later when trying to use postconf -d to check settings I was changing. The problem is that postconf -d shouldn't be used to verify what postfix is doing, it shows defaults - the correct command to verify what interfaces postfix is configured to listen on is postfix -p "inet_interfaces"

  • lee42x
    lee42x Posts: 380
    edited February 2022

    Yes you are correct.

    postconf -d shows the default values.
    postconf -n show values that have been set to a value.

    On my test machine:
    [root@centos ~]# postconf -n inet_interfaces
    inet_interfaces = localhost
    [root@centos ~]# postconf -d inet_interfaces
    inet_interfaces = all

    Lee

Categories

Upcoming Training