Do I need to enable TLS support for postfix?

Question

I need to send out notifications from my web-app and I've setup postfix as a null client on my server. So in my /etc/postfix/master.cf I have commented out the lines

#smtp      inet  n       -       -       -       -       smtpd
#local     unix  -       n       n       -       -       local

So after I did that when I try to use telnet, it blocks me out.

$ telnet localhost 25
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

And when I use sendmail I am able to send emails, which is what I want. So far so good.

Now, I'm concerned about spammers not using my SMTP server as an open relay. To this end, do I need to turn on TLS and SMTP Auth support in postfix or is just disabling network access to postfix (by commenting out those two lines in master.cf) sufficient?

In other words, in my current setup - with TLS turned OFF and network access to postfix disabled - is there a possibility of my SMTP server being compromised?

Answer 1

TLS is used for secure communications with your server. Most spammers and legitimate mailservers would rarely use TLS to send mail to/through your server. It is more common that you would use TLS when sending mail from your email program, i.e. Outlook, Thunderbird, etc.

With network access disabled, you wouldn't be able to send mail from an email client, but, spammers and legitimate mail wouldn't be able to be delivered to your server.

Disabling smtp should work in your situation.

Answer 2

I would suggest setting up Postfix with TLS & SMTP Authentication.

This link should explain most of the process on properly securing your mailserver.