How best to configure the Firewall for Postfix, Dovecot

I've created an email server following the instructions in https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql.

I noticed in the tutorial that it said to open up all the standard email ports in your firewall, but the tutorial also later had you disable non-SSL IMAP and POP. I was wondering, if I have non-SSL email disabled, do I really need to open all the ports or just the SSL ones? If so, why?

Also, is there a more correct way to open the ports than just this:

#  Allow Email connections from anywhere.
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

Sorry if that's a bit of a newb question. I'm really more of a software developer, and I've somehow found myself in a sysadmin role.

2 Replies

@dylankarr:


You're right, just keep the ones open that are needed, no reason to make your attack surface bigger if it doesn't serve a purpose.

So, just for future reference for other people who follow this tutorial, is it right that this is how the firewall should be set up?

#  Allow SSL Email connections from anywhere.
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
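As an added example (not part of the thread), a POSIX shell check that diffs the ports a ruleset accepts against the ports the mail daemons actually listen on publicly, so an ACCEPT with no listener behind it (a stale 143 after IMAP cleartext is disabled) and a public listener with no ACCEPT (inbound SMTP on 25, which other mail servers need to reach) both surface. The inputs are constructed samples in the shape of `iptables-save` rules and `ss -Hltn` output; running it against a live host assumes those two commands are available.

```shell
# Added example, not from the thread: cross-check a firewall allow-list against
# the ports the mail daemons actually expose, so every ACCEPT rule has a real
# listener behind it and every public listener has an ACCEPT rule.

# Constructed sample in the shape of `iptables-save` INPUT rules: the list from
# the follow-up post plus a stale 143 (IMAP cleartext, now disabled) and no 25.
RULES_SAMPLE='-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -p tcp --dport 143 -j ACCEPT'

# Constructed sample in the shape of `ss -Hltn` (listening TCP, numeric, no
# header): Postfix on 25/465/587, Dovecot on 993/995, MySQL on loopback only.
SS_SAMPLE='LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:465 0.0.0.0:*
LISTEN 0 100 0.0.0.0:587 0.0.0.0:*
LISTEN 0 100 0.0.0.0:993 0.0.0.0:*
LISTEN 0 100 0.0.0.0:995 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*'

# Destination ports the rules accept, one per line.
allowed_ports() {
    printf '%s\n' "$1" | awk '/-j ACCEPT/ {
        for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1) }' | sort -n
}
# Ports with a listener bound to anything but loopback (reachable from outside).
public_listen_ports() {
    printf '%s\n' "$1" | awk '$1 == "LISTEN" && $4 !~ /^127\./ && $4 !~ /^\[::1\]/ {
        p = $4; sub(/.*:/, "", p); print p }' | sort -n
}
# Lines of $1 absent from $2 (set difference; blank lines ignored).
list_minus() {
    printf '%s\n' "$1" | awk -v other="$2" 'BEGIN {
        n = split(other, o, "\n"); for (i = 1; i <= n; i++) seen[o[i]] = 1 }
        NF && !($0 in seen)'
}
# Accepted by the firewall but nothing listens there: a rule with no purpose.
unused_rules() { list_minus "$(allowed_ports "$1")" "$(public_listen_ports "$2")"; }
# Listening publicly but not accepted: the service is silently unreachable
# (25 here means other mail servers cannot deliver to this host).
blocked_listeners() { list_minus "$(public_listen_ports "$2")" "$(allowed_ports "$1")"; }

printf 'ACCEPT without listener: %s\n' "$(unused_rules "$RULES_SAMPLE" "$SS_SAMPLE" | tr '\n' ' ')"
printf 'listener without ACCEPT: %s\n' "$(blocked_listeners "$RULES_SAMPLE" "$SS_SAMPLE" | tr '\n' ' ')"
```

On a live host the same two functions take `"$(iptables-save)"` and `"$(ss -Hltn)"` as arguments; an empty result from both means the ruleset and the listeners agree.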
