On 21.12.2022 at 13:21:06, Samer Afach wrote:
> Thank you for the explanation. I will follow up on this and
> hopefully I'll find a way to solve this problem properly without
> obfuscation of incoming IP addresses. Seems like, worst case
> scenario, I just have to disable relaying of emails altogether and
> that'll solve the problem, at least until a better solution is
> available.

Do any other containers on your machine relay mail through your Postfix?

If no, you can safely allow relaying mail from localhost only.

If yes, do all these containers seem to connect from address 172.30.0.1 or
is this address used only by haproxy, and other containers connect from
different 172.30.* addresses?

If all containers are using the 172.30.0.1 address, you must reconfigure Docker
networking so that each container uses its own IP address from Postfix's point
of view (I don't know how as I don't use Docker, but it is certainly
possible). If it is already the case, you don't need to do anything.

Then, you have to fiddle somehow with smtp_*_restrictions so as to allow
relaying mail from other hosts in the 172.30.* subnet, but reject relaying from
172.30.0.1 (or just set explicitly mynetworks= to all IP addresses of the
containers that will relay mail). Just an idea, can't think of detailed
configuration settings now.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
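
One way the idea in the message above could be written as Postfix configuration, added here as an example and not part of the original post or of anyone's actual setup. It assumes the relay policy lives in `smtpd_relay_restrictions`, that "172.30.*" means 172.30.0.0/16, and that the table path `/etc/postfix/relay_clients.cidr` is a hypothetical name.

```cfg
# ---- /etc/postfix/main.cf (fragment) ----
# Trust only the host itself. The Docker subnet is NOT listed here, so
# permit_mynetworks does not open relaying to everything behind 172.30.0.1.
mynetworks = 127.0.0.0/8 [::1]/128

# Relay policy is evaluated left to right; the first decisive result wins.
smtpd_relay_restrictions =
    permit_mynetworks,
    check_client_access cidr:/etc/postfix/relay_clients.cidr,
    reject_unauth_destination

# ---- /etc/postfix/relay_clients.cidr (hypothetical file name) ----
# CIDR tables are searched in the order written; the first match is used,
# so the single-address exception must come before the subnet rule.
#
# 172.30.0.1 is the address the thread says proxied connections arrive from.
# DUNNO means "no decision": evaluation continues to
# reject_unauth_destination, so this client can still deliver mail to local
# domains but cannot relay to other destinations.
172.30.0.1/32    DUNNO
# Assumption: every other container address in the subnet may relay.
172.30.0.0/16    OK
```

A lookup such as `postmap -q 172.30.0.1 cidr:/etc/postfix/relay_clients.cidr` shows which line a given client address matches. This only separates the clients if each container really appears to Postfix under its own address, as the message points out.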
