Sorry. What I meant was, you can insure that the SMTP server only listens on particular interfaces ("binding") or limit the IP address blocks that can talk to it.
Originally Posted by Linux&Gsus
If you use Postfix ("sudo apt-get install postfix"), the preferred SMTP server in Ubuntu, you'll find a configuration file called /etc/postfix/main.cf. In it there's the line:
Postfix listens by default on all the network interfaces, including a VPN interface if it exists. But you can still control which network addresses can connect to it using the mynetworks directive. The default Ubuntu configuration only accepts connections from addresses between 127.0.0.1 and 127.255.255.255, the so-called "localhost" interface, but not from any other network addresses. So if your VPN tunnel uses 192.168.1.1 and 192.168.1.2 for its addresses, you'd add "192.168.1.0/24" to the list in mynetworks. (That stuff in brackets is the "IPv6" address of the localhost interface and can be safely ignored.)
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
Did that help?
(The sendmail program uses a different approach and binds only to specified IP addresses on the server. So I can tell it to listen only on the VPN interface but not the ethernet interface, for instance. These two strategies accomplish essentially the same purpose, but go about it in different ways.)