On 10-06-19 03:37, Ronald F. Guilmette wrote:
> In message <64994169-2c87-4029-9c31-0765608f4...@opendmz.com>, 
> Christopher van de Sande <cvandesa...@opendmz.com> wrote:
> 
>> Yes absolutely correct
>>
>> If your server at home is online then it will pass through your cloud VM in
>> mere seconds.  If your home server is offline then it will continue trying
>> to deliver at intervals which you can also configure
> 
> Perfect.  Just perfect.
> 
> Thank you Postfix!  Thank you Wietse!  Thank you everybody!  This is
> going to be simpler than I had anticipated, I think.  (Knock on wood.)
> 
> I do have just a couple of small lingering concerns... things that just
> now occurred to me.  These relate to dynamic DNS, which I've never actually
> used before myself, but which I nonetheless have a sort of vague conceptual
> understanding of.
> 
> As I understand it, you get yourself your own private FQDN, which is
> assigned to you by whatever dynamic DNS provider you choose.  And then,
> each time your machine gets itself a fresh new DHCP lease, it needs to
> send that address, in some manner, to the DDNS provider which will then
> update the relevant A record based on your new dynamic IP.  Is that a
> fair summary?
> 
> Assuming so, I have two questions about this...
> 
> Well, make that one question.  (I just answered my own first question,
> which was "Yeabut, what if my whole local network is actually behind my
> ASUS SOHO WiFi router and what if it is my router itself that is, in
> the first instance, getting the DHCP lease?"  Apparently, some ASUS
> router models, including mine, fortunately, have an in-built DDNS client,
> and that in-built DDNS client can, allegedly, work with both ASUS's own
> free DDNS service and also, allegedly, with the one provided by noip.com...
> and possibly also others for all I know.  So, no problem here!  This will
> work.)
> 
> So, here is my only other question:
> 
> Assuming the setup, as discussed here so far, where I'll have a Postfix
> instance running on a cloud VM, and where that Postfix instance will have
> an appropriate set of entries in transport_maps to cause that Postfix
> instance to try to send all mail it has received for my domains on to:
> 
>     smtp:my-dynamic-fqdn
> 
> What happens in this scenario when and if there is a power failure that
> takes down my whole network, including my router?
> 
> Let's say that the dynamic IP that I *was* using, just before the
> power fail, was a.b.c.d.  The question is:  While I am wandering around
> with my flashlight in the dark, what if some other customer of my ISP
> happens to request a DHCP lease and also happens to get a.b.c.d ... which
> is possible, because after all, *I* am not using that specific IP address
> anymore, so it will have been returned to the DHCP free pool.
> 
> In this scenario, could that other party who got a.b.c.d, dynamically,
> turn on a mail server and begin sucking down *my* emails from *my* cloud
> VM Postfix instance?
> 
> I guess that another way of asking this might be:  Does DDNS have any sort
> of "keep alive" signal that, if it goes dark suddenly, will result in
> revocation of the relevant DDNS name-to-address mapping?
> 
> I know.  I know.  I should probably be asking about these DDNS details
> someplace else.  And I probably shall.  But since all you folks here
> already know exactly what I'm trying to do, and why, and how, it's just
> easier to start here.
> 
> If what I have described is in fact a plausible and serious potential
> security issue, then I guess that rather than using plain old SMTP to
> move messages from my VM Postfix to my home Postfix, maybe I should
> instead be looking for some alternative transport protocol that verifies
> that the receiving node is actually one that *I* own and control... yes?

You can add TLS verification to your postfix client in the cloud. The
client will only deliver to a server when it presents a specific SSL
certificate to the client during the handshake. See
http://www.postfix.org/TLS_README.html#client_tls_policy
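As an added illustration of that suggestion (not configuration posted in this thread): the cloud Postfix pins the home server's certificate by fingerprint, so the queued mail is only handed over when the host answering at the dynamic name presents that exact certificate; whoever later inherits the IP address a.b.c.d gets a deferred delivery attempt, not the mail. The domain, the next-hop name, the file paths and the fingerprint value are placeholders.

```ini
# /etc/postfix/main.cf on the cloud VM (added example; names and paths are placeholders)

# Route mail for the home domains to the home server, as discussed in the thread.
transport_maps = hash:/etc/postfix/transport

# Opportunistic TLS for everyone else; the policy table overrides it per destination.
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Digest used for the pinned fingerprint. Set it explicitly so the value in
# tls_policy does not silently stop matching after a Postfix upgrade changes the default.
smtp_tls_fingerprint_digest = sha256

# One log line per TLS connection that states the verification result
# ("Verified" vs "Untrusted"/"Anonymous"), so a mismatch is visible in the mail log.
smtp_tls_loglevel = 1

# /etc/postfix/transport
# example.com is a placeholder for the home domain; the next-hop is written
# exactly as in the thread.
example.com    smtp:my-dynamic-fqdn

# /etc/postfix/tls_policy
# The lookup key must be the next-hop verbatim as it appears in the transport table.
# Level "fingerprint" means: require TLS, and deliver only if the server certificate's
# SHA-256 fingerprint equals one of the values in match= (several may be listed,
# separated by "|", which is how a certificate renewal is rolled over without a gap).
my-dynamic-fqdn    fingerprint match=<sha256-fingerprint-of-home-server-cert>
```

The fingerprint comes from the certificate file the home server is configured with (`smtpd_tls_cert_file` / `smtpd_tls_key_file` there, with `smtpd_tls_security_level = may` so STARTTLS is offered): `openssl x509 -noout -fingerprint -sha256 -in home-server.pem` prints it, and the colon-separated hex is accepted as-is in `match=`. A self-signed certificate is enough, because pinning does not involve a CA or the DNS name, and the name is exactly the part of this setup that is not trustworthy. After editing, run `postmap` on both tables and `postfix reload`. To check it, send a test message with the home server up: the log should show a "Verified TLS connection established to" line before the delivery. If the host at that address presents any other certificate, or no TLS at all, the message stays deferred in the cloud queue and the log shows the verification failure instead of a delivery, which is the behaviour the question asks for. The `secure` level with `smtp_tls_CAfile` and a CA-issued certificate is the alternative the linked README describes.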

