I'm trying to install and configure Postfix/Dovecot on an EC2 instance running Amazon Linux 2. The documentation I've run across so far talks about opening ports using firewall-cmd or iptables on the EC2 instance. But are these really necessary if using an AWS Security Group? Wouldn't opening the inbound ports there take care of it?
I know some people want to use their own firewall on EC2 in addition to the AWS Security Group, but my question is: is it a requirement to use firewall-cmd/iptables so that Postfix/Dovecot can allow users to connect to pop3 their e-mail?
If there is no firewall running on the instance, or the rules allow all traffic, then just opening the ports in the AWS Security Group will suffice. On Amazon Linux, the default rules allow all inbound and outbound traffic.
However, if there is a firewall with restrictive rules running on the instance, you may have to open the ports in the firewall in addition to opening the ports in the AWS Security Group.
Typically, people will just use the AWS security groups. However, using a local firewall is an option if the situation warrants it.
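The distinction the answer draws (an allow-all host firewall versus a restrictive one) can be checked from the instance itself. The following is an added example, not part of the original answer: `host_fw_allows` is a hypothetical helper that reads `iptables -S INPUT` output and reports whether a new inbound TCP connection to a mail port would pass, and the three rule sets are constructed samples.

```sh
#!/bin/sh
# Added example. Reads `iptables -S INPUT` text on stdin and reports whether a NEW
# inbound TCP connection to PORT from an arbitrary client passes the host firewall.
# Heuristic: first matching rule wins; rules scoped by interface (-i) or source (-s)
# are skipped, port ranges are not parsed, and user-defined chains are not followed.
host_fw_allows() {
  awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      tgt = ""; hit = 1
      for (i = 3; i <= NF; i++) {
        nxt = $(i + 1)
        if ($i == "-j") tgt = nxt
        else if ($i == "-i" || $i == "-s") hit = 0
        else if ($i == "-p" && nxt != "tcp" && nxt != "all") hit = 0
        else if (($i == "--state" || $i == "--ctstate") && nxt !~ /NEW/) hit = 0
        else if ($i == "--dport" && nxt != port) hit = 0
        else if ($i == "--dports" && ("," nxt ",") !~ ("," port ",")) hit = 0
      }
      if (hit && (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT")) {
        print (tgt == "ACCEPT" ? "allow" : "block"); decided = 1; exit
      }
    }
    END { if (!decided) print (policy == "DROP" ? "block" : "allow") }
  '
}

# Constructed sample rule sets (not captured from a real instance).
OPEN_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
RESTRICTIVE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
MAIL_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,110,995 -j ACCEPT'

for port in 25 110; do
  echo "open rules, port $port: $(printf '%s\n' "$OPEN_RULES" | host_fw_allows "$port")"
  echo "restrictive rules, port $port: $(printf '%s\n' "$RESTRICTIVE_RULES" | host_fw_allows "$port")"
  echo "mail rules, port $port: $(printf '%s\n' "$MAIL_RULES" | host_fw_allows "$port")"
done
```

On a live instance the same function can be fed real rules with `sudo iptables -S INPUT | host_fw_allows 110`. A "block" result means the port has to be opened on the host as well as in the Security Group.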