> On 6/16/2015 10:16 AM, Michael Peter wrote:
>> Hi,
>>
>> I have couple of questions regarding the permit_mynetworks option.
>
> It's generally better to control the scope of mynetworks rather than
> removing permit_mynetworks. Rather than the entire network, just
> list localhost and maybe trusted internal hosts that don't AUTH.
>
>>
>> 1- is the permit_mynetworks must be added to allow bounces emails from
>> postfix? or postfix can still send bounces or undelivered email
>> notifications without need to add permit_mynetworks in the
>> smtpd_recipient_restrictions?
>
> Bounce notices generated internally by postfix are not subjected to
> any restrictions.
>
> If the bounce is generated by a separate host, that host will need
> to be listed in mynetworks and permit_mynetworks is required.
you mean by separte host is secondary MX bounce message to main MX ? Am i
correct?
>
>>
>> 2- Is the permit_mynetworks must be added so the postfix can work
>> properly
>> handling the emails ? anyway our users uses sasl authenticate that's why
>> we want to remove permit_mynetworks, but we are afraid that this might
>> break some thing in postfix, that's why we want to be double sure. ?
>>
>
> If all users must authenticate, it's common to set main.cf
> mynetworks = 127.0.0.1, [::1]
> so that local processes can submit mail. It's up to you to determine
> if local processes require submission on your server. If not
> required in you environment, set mynetworks empty.
> mynetworks =
what local processes can submit mail ?? can you please give me an example
of local processes that use mail ? normally local processes send mail
using /bin/sendmail and are not subjected to
any restrictions. ?
>
>> -
>>
>> Also our last question, In case of different case that the mail server
>> is
>> secondary mail server , it relays back the email to the primary server
>> when it is back.
>>
>> 3- do we have to add permit_mynetworks in smtpd_recipient_restrictions?
>> so
>> the secondary server can send the emails to the primary server (when the
>> primary server was down) ? or still the secondary server can send the
>> pending emails to the primary server even if permit_mynetworks in not
>> written in the smtpd_recipient_restrictions?
>
> If this is a secondary MX delivering to an internal mailstore,
> generally it is not required to be listed in mynetworks, and
> permit_mynetworks is not required.
the secondary MX is on totally different network than the main MX, so do i
need to add permit_mynetworks in main.cf ? and why ?
>
>
>
>
> -- Noel Jones
>
