On May 17, 2017, at 10.44, Florian Lindner <mailingli...@xgm.de> wrote:
>
> Hello,
>
> I run a docker container on my server. To not have all docker containers need
> to authenticate when sending mail, I added
> the private network range 172.16/12 to mynetworks:
i would discourage authorization based on source ip address. automated
credential configuration is a fairly basic task, and there are a plethora of
benefits to using user/pass [or even a certificate, if desired] over source ip
address.
> # Added private network 172.16/12 for Docker
>
>
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12
>
>
> * Is this safe?
that's a rather relative/subjective measure - but pursuant to my particular
philosophies, no.
> * Is there another / better way to achieve what I want?
there are some cases in which i "must" allow authorization based on source ip
address. some time ago, i stopped using mynetworks/permit_mynetworks for this.
i now use check_client_access
cidr:${table_directory}/non_auth_submitters.cidr, and i set mynetworks to empty
[e.g. "mynetworks ="].
