On 6/16/2015 11:52 AM, Michael Peter wrote:
>
>> On 6/16/2015 10:16 AM, Michael Peter wrote:
>>> Hi,
>>>
>>> I have a couple of questions regarding the permit_mynetworks option.
>>
>> It's generally better to control the scope of mynetworks rather than
>> removing permit_mynetworks. Rather than the entire network, just
>> list localhost and maybe trusted internal hosts that don't AUTH.
>>
>>>
>>> 1- Must permit_mynetworks be added to allow bounce emails from
>>> postfix? Or can postfix still send bounces or undelivered email
>>> notifications without the need to add permit_mynetworks in the
>>> smtpd_recipient_restrictions?
>>
>> Bounce notices generated internally by postfix are not subjected to
>> any restrictions.
>>
>> If the bounce is generated by a separate host, that host will need
>> to be listed in mynetworks and permit_mynetworks is required.
>
> By separate host, you mean a secondary MX bouncing a message to the main MX? Am I
> correct?

I mean any separate host that needs to send mail back out through
postfix. Generally a secondary MX doesn't bounce messages back to
the main MX, nor vice versa. Individual configurations may vary...

>
>>
>>>
>>> 2- Must permit_mynetworks be added so that postfix can work
>>> properly
>>> handling the emails? Anyway, our users use SASL authentication, that's why
>>> we want to remove permit_mynetworks, but we are afraid that this might
>>> break something in postfix, that's why we want to be doubly sure.
>>>
>>
>> If all users must authenticate, it's common to set in main.cf
>> mynetworks = 127.0.0.1, [::1]
>> so that local processes can submit mail. It's up to you to determine
>> if local processes require submission on your server. If not
>> required in your environment, set mynetworks empty.
>> mynetworks =
>
> What local processes can submit mail? Can you please give me an example
> of local processes that use mail? Normally local processes send mail
> using /bin/sendmail and are not subjected to
> any restrictions?

Depends on your system, what you've installed and how you've
configured it. Maybe nothing.

>
>>
>>> -
>>>
>>> Also our last question: in the different case where the mail server
>>> is
>>> a secondary mail server, it relays the email back to the primary server
>>> when it is back.
>>>
>>> 3- Do we have to add permit_mynetworks in smtpd_recipient_restrictions
>>> so
>>> the secondary server can send the emails to the primary server (when the
>>> primary server was down)? Or can the secondary server still send the
>>> pending emails to the primary server even if permit_mynetworks is not
>>> written in the smtpd_recipient_restrictions?
>>
>> If this is a secondary MX delivering to an internal mailstore,
>> generally it is not required to be listed in mynetworks, and
>> permit_mynetworks is not required.
>
>
> The secondary MX is on a totally different network than the main MX, so do I
> need to add permit_mynetworks in main.cf? And why?

Probably not. Individual configurations may vary, but the secondary
does not normally bounce mail back to the primary, nor vice versa.



  -- Noel Jones
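
Added example, not part of the original thread or of Postfix itself: a small Python audit that reads main.cf text and lists the mynetworks entries beyond loopback that permit_mynetworks would exempt from authentication, which is the scope the reply above suggests keeping narrow. The two sample configurations and the function names are constructed for illustration; it assumes mynetworks is set explicitly and contains only literal addresses or CIDR blocks (no table lookups or hostnames).

```python
import ipaddress
import re

# Constructed sample main.cf fragments (not taken from the thread).
BROAD = """\
# whole LAN is trusted
mynetworks = 127.0.0.0/8, 192.168.0.0/16
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""
TIGHT = """\
mynetworks = 127.0.0.1, [::1]
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def non_loopback_trust(text):
    """List mynetworks entries beyond loopback that permit_mynetworks would accept."""
    params = parse_main_cf(text)
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "permit_mynetworks" not in rules:
        return []  # mynetworks is not consulted by this restriction list
    flagged = []
    for entry in filter(None, re.split(r"[,\s]+", params.get("mynetworks", ""))):
        # Postfix writes IPv6 as [addr] or [addr]/len; drop the brackets before parsing.
        net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        if not net.is_loopback:
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for label, cfg in (("broad", BROAD), ("tight", TIGHT)):
        print(label, non_loopback_trust(cfg))
```

Each flagged entry is a host or range that can relay without SASL authentication, so every one should correspond to a trusted internal host that genuinely cannot AUTH.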