I have a web server where I have installed Postfix for sending emails only. All incoming mail will be handled by Google Apps and not my web server. Using iptables rules, I have blocked all incoming ports (including port 25) and opened only the SSH and HTTP ports. All outbound traffic is open. From testing I can see that Postfix is able to send emails even when port 25 is blocked, so that is not an issue. My understanding was that port 25 only needs to be open if I am receiving emails on that server. But I read this on the Coding Horror site, and it has confused me a bit:
Port25 offers a really nifty public service -- you can send email to [email protected] and it will reply to the from: address with an extensive diagnostic!
So my question is, does some mail server ping my port 25 to check the authenticity of my server origin when Postfix sends email to them? If Postfix is used to send emails only, do I still need to open port 25 so other mail servers can verify my server info? I am concerned that if I block port 25, that is another reason for some email clients to mark my emails as spam, because they are unable to get info on my server by pinging port 25. I can't find info on this. I would be obliged if someone could clarify this, please.
Some receiving mail servers will check whether the originating server is fully capable of receiving mails at your address. Others won't accept mails sent from dialup IP ranges.
As you said your incoming mails will be handled by Google Apps, why not send your outgoing mails right through Google, too?
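The check the answer describes, sketched as an added example that is not part of the original thread: a receiving server connects to port 25 of the host that accepts mail for the sender's address, issues a null-sender `RCPT TO` for that address, and quits without sending a message. The loopback `FakeMX` listener, the example.com addresses and all function names are constructed for illustration; it is assumed here that the probe goes to whichever host the sender domain's MX record names.

```python
import smtplib, socket, socketserver, threading

class FakeMX(socketserver.StreamRequestHandler):
    """Constructed stand-in for the host that receives mail for the sender's domain."""
    KNOWN = {"webmaster@example.com"}  # constructed mailbox list
    def handle(self):
        self.wfile.write(b"220 mx.example.com ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode().strip()
            if line.upper().startswith("QUIT"):
                self.wfile.write(b"221 bye\r\n")
                return
            reply = "250 ok"  # EHLO and MAIL FROM are always accepted
            if line.upper().startswith("RCPT TO"):
                addr = line[line.find("<") + 1:line.find(">")].lower()
                reply = "250 ok" if addr in self.KNOWN else "550 no such user"
            self.wfile.write(reply.encode() + b"\r\n")

def callout(mx_host, mx_port, sender, timeout=5):
    """Probe the sender's mail host; return 'accepted', 'rejected' or 'unreachable'."""
    try:
        with smtplib.SMTP(mx_host, mx_port, local_hostname="probe.example.net",
                          timeout=timeout) as s:
            s.ehlo()
            s.mail("")                # null envelope sender, as a bounce would use
            code, _ = s.rcpt(sender)  # the only question asked; no DATA follows
            return "accepted" if 200 <= code < 300 else "rejected"
    except (OSError, smtplib.SMTPException):
        return "unreachable"          # refused, filtered or timed out

def closed_port():
    """Return a loopback port with nothing listening on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    """Run the probe against a listening mail host and against a closed port."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeMX)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port = srv.server_address[1]
    results = {
        "mx_known": callout("127.0.0.1", port, "webmaster@example.com"),
        "mx_unknown": callout("127.0.0.1", port, "nobody@example.com"),
        "port_closed": callout("127.0.0.1", closed_port(), "webmaster@example.com"),
    }
    srv.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

The verdict depends on the host the probe is pointed at: a mail host that accepts the address passes, while a host with port 25 closed or filtered can only be reported as unreachable.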