On 14/12/2022 3:18 PM, Wietse Venema wrote:
> mynetworks_style applies to local interface addresses, not proxied
> ones.
Sam:
> Thank you for the response.
>
> One of the reasons for me asking this question is that I'm not fully
> sure about the consequences of that.
If a future version of HAProxy propagates interface netmasks, then
we can revisit that in Postfix. Before that happens, Postfix does
not know remote subnet information.
> Another one is that the documentation of postfix specifies that
> this can be dangerous if connected to wide-area network, which
> quite frankly I'm not sure about given the setup I described, given
> that the proxy gives that kind of exposure. I would appreciate
> your insight into whether I'm doing something wrong with the
> decisions I made.
Depending on where Postfix is deployed, the subnet of a local WAN
interface may include IP addresses of other customers of the network
provider. This is why it is not safe to include those IP addresses
by default in the mynetworks setting.
Wietse
