My existing mail server is running CentOS 4 (yes, VERY old -- which is a
testament as to the continuing quality of Postfix), with port 25 exposed
to the whole wide world. Everything else is restricted by an IPTABLES
firewall and TCPwrapper. I was going to wait for CentOS 8 to be
released and get some run time by early adopters, but my poor mail
server is starting to show signs of wearing out and I may have to pull
the trigger sooner.
My question for the user community is this: any gotchas in bringing up
Postfix on CentOS 7.6.1810 from the Red Hat distribution? Integration
with the version of Dovecot in 7.6 from same?
I'm not going to port over the mail directories from the old server.
Everything will be from scratch, so conversions are not an issue. I
will be carrying over my header_checks file, though.
Do I need to buy a certificate for my domain satchell.net, or will a
self-signed certificate be sufficient? The MX is mail.satchell.net for
that domain. The other domains described on the old box have expired,
so I won't be bringing those over.
Significant services running on the new box: Postfix, Dovecot, BIND 9,
NTP (actually chrony)
Outside access and inside access are split using VLANs on an HP switch
(already in my network) to the one and only Ethernet port on the new
server, which is a laptop board in a mini-tower case. The outside port
will be on an external (access to the world) netblock
(22.214.171.124/29?), while the inside port will be in the 10.1.1.0/24
netblock. If needed, I can also have the inside port be on the
10.1.2.0/24 and 10.1.3.0/24 to access isolated equipment.
I'm planning on exposing only port 25 (smtp) and rate-limited ICMP to
the world. All the rest of the ports, TCP and UDP, plus other IP
protocols, will be blocked to outsiders. The local LAN has access to
everything. I'm considering how to handle output port blocking for
those services not needed by a mail server.
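
The firewall policy described in the last paragraph, written out as an iptables-restore ruleset with output port blocking included (an added example, not part of the original post). The VLAN interface names, the ICMP rate and the outbound port list are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a single-NIC mail server
# whose outside and inside networks arrive on two VLAN sub-interfaces.
# Assumed (not from the post): interface names, ICMP rate, outbound port list.
# Usage: mail_fw_rules eth0.10 eth0.20 | iptables-restore --test

mail_fw_rules() {
    wan_if=$1   # outside VLAN interface (assumed name)
    lan_if=$2   # inside VLAN interface (assumed name)
    if [ -z "$wan_if" ] || [ -z "$lan_if" ] || [ "$wan_if" = "$lan_if" ]; then
        echo "usage: mail_fw_rules WAN_IF LAN_IF (two different interfaces)" >&2
        return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback, and replies to traffic that was already permitted
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Inside VLAN: the local LAN has access to everything
-A INPUT -i $lan_if -j ACCEPT
-A OUTPUT -o $lan_if -j ACCEPT
# Outside VLAN, inbound: SMTP plus rate-limited ICMP echo, nothing else
-A INPUT -i $wan_if -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $wan_if -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT
# Outside VLAN, outbound: only what Postfix, BIND and chrony originate
-A OUTPUT -o $wan_if -p tcp --dport 25 -j ACCEPT
-A OUTPUT -o $wan_if -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $wan_if -p tcp --dport 53 -j ACCEPT
-A OUTPUT -o $wan_if -p udp --dport 123 -j ACCEPT
-A OUTPUT -o $wan_if -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}
```

With OUTPUT defaulting to DROP, package updates fetched directly over HTTP or HTTPS are blocked as well, so ports 80 and 443 outbound need their own rules if the box is updated that way.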