Is LMTP On External Interface A Security Issue?

[freedomics]

I am preparing a single-server Zimbra config running on a dual-homed firewall. To get things working, I had to open port 7025 (LMTP?) on my external interface. According to nmap, LMTP is ONLY bound to my external interface. Is this necessary, or even recommended?

Isn't LMTP only used for routing mail from the MTA to the user's mailboxes? On a single-server config, I would think that it would be most secure as well as most efficient to bind LMTP to localhost, or at the very least, my internal interface.

If localhost is preferable, how/where do I make the change?

Thanks in advance for your assistance.

Stan

[jholder]

Shouldn't be a big issue, but we have a bug open for this, and will be changing it in 4.5.7.

Thanks
john

[freedomics]

In my case, I have two external interfaces, eth1 and eth2. If my primary ISP's network goes down, I can switch the default gateway to the secondary interface. My DNS MX records are set up so that my second MX points at the secondary interface, eth2. Will this still work if port 7025/LMTP is only bound to eth1?

By the way, thanks for the quick response.