--On October 11, 2012 4:38:12 PM -0500 Noel Jones <njo...@megan.vbhcs.org> wrote:

> On 10/11/2012 4:05 PM, Paul Schmehl wrote:
>> mynetworks = 127.0.0.0/8,IP.Of.Fortimail.Firewall
>
> While that may mask the problem, it is almost certainly the wrong
> solution.

Please explain why.

I'll grant you I left off the CIDR mask. My example should have been:

    mynetworks = 127.0.0.0/8,IP.Of.Fortimail.Firewall/32

According to BASIC_CONFIGURATION_README, this is how it's done.

What clients to relay mail from

By default, Postfix will forward mail from clients in authorized network
blocks to any destination. Authorized networks are defined with the
mynetworks configuration parameter. The default is to authorize all clients
in the IP subnetworks that the local machine is attached to.

Postfix can also be configured to relay mail from "mobile" clients that send
mail from outside an authorized network block. This is explained in the
SASL_README and TLS_README documents.

IMPORTANT: If your machine is connected to a wide area network then your
default mynetworks setting may be too friendly.

Examples (specify only one of the following):

/usr/local/etc/postfix/main.cf:
    mynetworks_style = subnet  (default: authorize subnetworks)
    mynetworks_style = host    (safe: authorize local machine only)
    mynetworks = 127.0.0.0/8   (safe: authorize local machine only)
    mynetworks = 127.0.0.0/8 168.100.189.2/32 (authorize local machine)

You can specify the trusted networks in the main.cf file, or you can let
Postfix do the work for you. The default is to let Postfix do the work. The
result depends on the mynetworks_style parameter value.

* Specify "mynetworks_style = host" when Postfix should forward mail from
  only the local machine.

* Specify "mynetworks_style = subnet" (the default) when Postfix should
  forward mail from SMTP clients in the same IP subnetworks as the local
  machine. On Linux, this works correctly only with interfaces specified
  with the "ifconfig" command.

* Specify "mynetworks_style = class" when Postfix should forward mail from
  SMTP clients in the same IP class A/B/C networks as the local machine.
  Don't do this with a dialup site - it would cause Postfix to "trust" your
  entire provider's network. Instead, specify an explicit mynetworks list
  by hand, as described below.

Alternatively, you can specify the mynetworks list by hand, in which case
Postfix ignores the mynetworks_style setting. To specify the list of trusted
networks by hand, specify network blocks in CIDR (network/mask) notation,
for example:

/usr/local/etc/postfix/main.cf:
    mynetworks = 168.100.189.0/28, 127.0.0.0/8

You can also specify the absolute pathname of a pattern file instead of
listing the patterns in the main.cf file.

Paul Schmehl (g...@stovebolt.com)
The Stovebolt Geek
The Net's Oldest and Most Complete
Resource for Antique Chevy and GM Trucks
http://www.stovebolt.com
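
Added example, not part of the original message or of Postfix: a small Python audit of a mynetworks value in the network/mask form the README excerpt describes, showing which client addresses the list trusts to relay and which blocks are wide enough to deserve review. It goes slightly beyond the excerpt by handling "!pattern" exclusions, left-to-right first-match order and bracketed IPv6 as postconf(5) documents them. The function names, the /24 review threshold and the 192.0.2.x sample addresses are assumptions made up for the example.

```python
import ipaddress
import re


def parse_mynetworks(value):
    """Return [(excluded, network), ...] in list order for a mynetworks value."""
    entries = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        excluded = token.startswith("!")
        # IPv6 patterns are written as [addr]/len; drop "!" and the brackets.
        pattern = token.lstrip("!").replace("[", "").replace("]", "")
        # strict=True rejects host bits set under the mask (192.0.2.25/28), a
        # likely typo. File and table patterns also raise ValueError here.
        entries.append((excluded, ipaddress.ip_network(pattern, strict=True)))
    return entries


def is_trusted(value, client_ip):
    """True if client_ip may relay: the first matching pattern decides."""
    addr = ipaddress.ip_address(client_ip)
    for excluded, net in parse_mynetworks(value):
        if addr in net:
            return not excluded
    return False


def broad_entries(value, min_prefix=24):
    """Non-loopback IPv4 blocks wider than /min_prefix, for manual review."""
    return [net for excluded, net in parse_mynetworks(value)
            if not excluded and net.version == 4
            and not net.is_loopback and net.prefixlen < min_prefix]


if __name__ == "__main__":
    # Constructed value: 192.0.2.25 stands in for the filtering gateway.
    sample = "127.0.0.0/8, 192.0.2.25"
    for ip in ("127.0.0.1", "192.0.2.25", "192.0.2.26"):
        print(ip, "trusted" if is_trusted(sample, ip) else "not trusted")
    print("review:", broad_entries("127.0.0.0/8 10.0.0.0/8 192.0.2.25"))
```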