Re: mynetworks equivalent for sender address

2020-09-01 Thread dave
Thanks Viktor, that looks good. regards Dave On 01/09/2020 08:38, Viktor Dukhovni wrote: On Mon, Aug 31, 2020 at 09:51:42AM +0100, dave wrote: Maybe I need to clarify a few things. My email server is not in my home network. My raspberry is, and it gets random IPs as sometimes it has to go th

Re: mynetworks equivalent for sender address

2020-09-01 Thread Viktor Dukhovni
On Mon, Aug 31, 2020 at 09:51:42AM +0100, dave wrote: > Maybe I need to clarify a few things. My email server is not in my home > network. My raspberry is, and it gets random IPs as sometimes it has to > go through a VPN to the internet. > > Mail to my own domains is not permitted by default. T

Re: mynetworks equivalent for sender address

2020-08-31 Thread Bill Cole
On 31 Aug 2020, at 16:07, dave wrote: Thanks, SASL looks the best way. Still not sure why we're talking relaying... ;-) Because historically, to explicitly "permit" a message included relay unless a later restriction stopped it. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @

Re: mynetworks equivalent for sender address

2020-08-31 Thread dave
Thanks, SASL looks the best way. Still not sure why we're talking relaying... ;-) regards Dave On 31/08/2020 17:55, Bill Cole wrote: On 31 Aug 2020, at 4:51, dave wrote: Mail to my own domains is not permitted by default. This email from raspberry is sent to my own domain (the one I'm using

Re: mynetworks equivalent for sender address

2020-08-31 Thread Bill Cole
On 31 Aug 2020, at 4:51, dave wrote: Mail to my own domains is not permitted by default. This email from raspberry is sent to my own domain (the one I'm using on this list) and it fails the sender address domain not found and FQDN tests. There is no relaying needed. You could move those con

Re: mynetworks equivalent for sender address

2020-08-31 Thread dave
Thanks, Maybe I need to clarify a few things. My email server is not in my home network. My raspberry is, and it gets random IPs as sometimes it has to go through a VPN to the internet. Mail to my own domains is not permitted by default. This email from raspberry is sent to my own domain (th

Re: mynetworks equivalent for sender address

2020-08-30 Thread Viktor Dukhovni
On Sun, Aug 30, 2020 at 11:54:19PM +0100, dave wrote: > That would be great if it works. You mean that would be a double-barrelled shotgun you aim at your feet, sure... > It may be easy to forge, but it can be harder to guess depending on what > name I choose? > > But you both mention relay -

Re: mynetworks equivalent for sender address

2020-08-30 Thread dave
That would be great if it works. It may be easy to forge, but it can be harder to guess depending on what name I choose? But you both mention relay - is that in the loose sense of the word? I don't need to relay it do I? Just permit? thanks Dave On 30/08/2020 23:31, Jaroslaw Rafa wrote:

Re: mynetworks equivalent for sender address

2020-08-30 Thread Jaroslaw Rafa
On 30.08.2020 at 16:11:32, Viktor Dukhovni wrote: > > There is, for good reason, no relay authorisation based on sender > address, because unlike a source IP address on your network (which is > difficult to forge with TCP) without being on your network, a sender > address is trivially forged

Re: mynetworks equivalent for sender address

2020-08-30 Thread Viktor Dukhovni
On Sun, Aug 30, 2020 at 06:08:36PM +0100, dave wrote: > A simple equivalent of mynetworks, but for a from address rather than an > IP/network would be ideal. There is, for good reason, no relay authorisation based on sender address, because unlike a source IP address on your network (which is di

Re: mynetworks equivalent for sender address

2020-08-30 Thread dave
Great, thanks. Do I need the "enabling DSASL authion postfix client section, or configure sender dependent SASL. And do I need to use relayhosts? thanks Dave On 30/08/2020 18:24, Nick wrote: On 2020-08-30 18:08 BST, dave wrote: So what I'm looking for is the easiest way of accepting that e

Re: mynetworks equivalent for sender address

2020-08-30 Thread Nick
On 2020-08-30 18:08 BST, dave wrote: > So what I'm looking for is the easiest way of accepting that email, > while staying pretty secure. From your home machine, send mail to the server's submission port and with authentication, as in .

Re: mynetworks in mysql database

2013-10-25 Thread Wietse Venema
Wietse Venema: > Rune Elvemo: > > On 25 Oct 2013 11:30, Mikael Bak wrote: > > > Hi, > > > > > > On 10/25/2013 09:48 AM, Rune Elvemo wrote: > > >> Does anyone know how to use a mysql database for mynetworks? > > >> We did manage to use it to match a single ip address, but is there a way > > >> t

Re: mynetworks in mysql database

2013-10-25 Thread Wietse Venema
Rune Elvemo: > On 25 Oct 2013 11:30, Mikael Bak wrote: > > Hi, > > > > On 10/25/2013 09:48 AM, Rune Elvemo wrote: > >> Does anyone know how to use a mysql database for mynetworks? > >> We did manage to use it to match a single ip address, but is

Re: mynetworks in mysql database

2013-10-25 Thread Rune Elvemo
On 25 Oct 2013 11:30, Mikael Bak wrote: Hi, On 10/25/2013 09:48 AM, Rune Elvemo wrote: Does anyone know how to use a mysql database for mynetworks? We did manage to use it to match a single ip address, but is there a way to match entire networks? That can be done at the sql level. See mysq

Re: mynetworks in mysql database

2013-10-25 Thread Mikael Bak
Hi, On 10/25/2013 09:48 AM, Rune Elvemo wrote: > Does anyone know how to use a mysql database for mynetworks? > We did manage to use it to match a single ip address, but is there a way to > match entire networks? > That can be done at the sql level. See mysql functions "INET_ATON" and "INET_NTOA

Re: mynetworks hash issue

2013-10-07 Thread Viktor Dukhovni
One more thing to keep in mind. When used with mynetworks, as I already explained the RHS of the table entries is ignored. Therefore, your attempt at a reject rule: 10.147.11.11 reject is completely ineffective. If you want to use CIDR rules with exceptions to define trusted clients, you

Re: mynetworks hash issue

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 03:34:38PM -0600, Blake Farmer wrote: > Method 1 > [root@relay01 postfix]# grep cidr main.cf > cidr = cidr:${config_directory}/ > mynetworks = ${cidr}mynetworks.cidr > #mynetworks = cidr:/etc/postfix/mynetworks.cidr The above is broken. http://www.postfix.org/post

Re: mynetworks hash issue

2013-10-07 Thread Blake Farmer
I tried that method verbatim without success, postfix is able to start without issue however it continues to reject the machines I am using to test access and denied access. Your recommendation I believe assigns the path and file designation to the variable cidr when then continues to the next

Re: mynetworks hash issue

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 01:06:59PM -0600, Blake wrote: > I tried Victor's solution adding the code he noted however postfix would > fail to reload or restart generating the following errors. > Oct 7 12:47:32 relay01 postfix[22897]: warning: macro name syntax error: > "/etc/postfix/" Your setting

Re: mynetworks hash issue

2013-10-07 Thread Wietse Venema
Blake: > 10.147.11.0/24 4 As Victor noted, the form 10.147.11.0/24 does not work with indexed files. This is also written in the access(5) manpage. If you must use this, use cidr: format instead. Wietse

Re: mynetworks hash issue

2013-10-07 Thread Blake
Thank you to Victor & Wietse for your response. I thought the mynetworks parameter was the issue in terms of rejecting clients from access. I tried Victor's solution adding the code he noted however postfix would fail to reload or restart generating the following errors. Oct 7 12:47:32 relay01 p

Re: mynetworks hash issue

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 09:12:41AM -0600, Blake wrote: > However when I check the config after restarting or reloading postfix the > parameter does not seem to be updated when reviewing postconf -d. Not surprising, "postconf -d" returns compiled-in defaults as documented. This allows you to quic

Re: mynetworks hash issue

2013-10-07 Thread Wietse Venema
Blake: > mynetworks = hash:/etc/postfix/network_table > > # postmap -s hash:/etc/postfix/network_table > 11 10.147.9.0/24 That is backwards. The IP address is the lookup key. Wietse

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-07 Thread Derek Atkins
Wietse Venema writes: > Derek Atkins: >> Wietse Venema writes: >> >> > For the record: mynetworks has always supported net/mask notation. >> >> Of course, but that wasn't what I was talking about, and it never was. >> I was talking about "permit_mynetworks" working properly with an ipv6 >> lin

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-06 Thread Wietse Venema
Derek Atkins: > Wietse Venema writes: > > > For the record: mynetworks has always supported net/mask notation. > > Of course, but that wasn't what I was talking about, and it never was. > I was talking about "permit_mynetworks" working properly with an ipv6 > link local address specified in myne

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-04 Thread Derek Atkins
Wietse Venema writes: > For the record: mynetworks has always supported net/mask notation. Of course, but that wasn't what I was talking about, and it never was. I was talking about "permit_mynetworks" working properly with an ipv6 link local address specified in mynetworks, and *that* wasn't wo

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-03 Thread Wietse Venema
For the record: mynetworks has always supported net/mask notation. I did not notice that your problem was in client hostname lookup. Wietse

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-02 Thread Viktor Dukhovni
On Sat, Jun 02, 2012 at 12:31:10PM -0400, Derek Atkins wrote: > And I'm pretty sure that this is the patch (to postfix!) that fixed the > problem for me. Once I upgraded from 2.7.7 to 2.9.2 not only did my > configuration suddenly start working, but lo and behold the log messages > changed, too!

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-02 Thread Derek Atkins
Wietse Venema writes: > Derek Atkins: >> Viktor Dukhovni writes: >> >> > On Fri, Jun 01, 2012 at 12:35:54PM -0400, Derek Atkins wrote: >> > >> >> >> mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 >> >> >> [2001:1234:1234::]/48 >> >> >> [fe80::]/10 [fe80::%eth0]/10 [::1]/128 >> >> >> >> Ye

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-02 Thread Wietse Venema
Derek Atkins: > Viktor Dukhovni writes: > > > On Fri, Jun 01, 2012 at 12:35:54PM -0400, Derek Atkins wrote: > > > >> >> mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 [2001:1234:1234::]/48 > >> >> [fe80::]/10 [fe80::%eth0]/10 [::1]/128 > >> > >> Yes, I have. In fact that was the first thing

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-01 Thread Derek Atkins
Viktor Dukhovni writes: > On Fri, Jun 01, 2012 at 12:35:54PM -0400, Derek Atkins wrote: > >> >> mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 [2001:1234:1234::]/48 >> >> [fe80::]/10 [fe80::%eth0]/10 [::1]/128 >> >> Yes, I have. In fact that was the first thing I tried, but it didn't >> wor

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-01 Thread Derek Atkins
Viktor Dukhovni writes: > On Fri, Jun 01, 2012 at 12:35:54PM -0400, Derek Atkins wrote: > >> >> mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 [2001:1234:1234::]/48 >> >> [fe80::]/10 [fe80::%eth0]/10 [::1]/128 >> >> Yes, I have. In fact that was the first thing I tried, but it didn't >> wor

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-01 Thread Derek Atkins
DTNX Postmaster writes: > On Jun 1, 2012, at 18:35, Derek Atkins wrote: > >> Hey Louis! >> >> Louis Kowolowski writes: >> >>> On May 31, 2012, at 3:44 PM, Derek Atkins wrote: >>> ... Here is the mynetworks configuration: mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-01 Thread Viktor Dukhovni
On Fri, Jun 01, 2012 at 12:35:54PM -0400, Derek Atkins wrote: > >> mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 [2001:1234:1234::]/48 > >> [fe80::]/10 [fe80::%eth0]/10 [::1]/128 > > Yes, I have. In fact that was the first thing I tried, but it didn't > work. I added the interface descript

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-01 Thread DTNX Postmaster
On Jun 1, 2012, at 18:35, Derek Atkins wrote: > Hey Louis! > > Louis Kowolowski writes: > >> On May 31, 2012, at 3:44 PM, Derek Atkins wrote: >> >>> ... >>> Here is the mynetworks configuration: >>> >>> mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 [2001:1234:1234::]/48 >>> [fe80::]/10 [

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-01 Thread Derek Atkins
Hey Louis! Louis Kowolowski writes: > On May 31, 2012, at 3:44 PM, Derek Atkins wrote: > >> ... >> Here is the mynetworks configuration: >> >> mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 [2001:1234:1234::]/48 >> [fe80::]/10 [fe80::%eth0]/10 [::1]/128 >> > > Have you tried reducing it to

Re: mynetworks support for ipv6 link local (fe80) hosts

2012-06-01 Thread Louis Kowolowski
On May 31, 2012, at 3:44 PM, Derek Atkins wrote: > ... > Here is the mynetworks configuration: > > mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 [2001:1234:1234::]/48 > [fe80::]/10 [fe80::%eth0]/10 [::1]/128 > Have you tried reducing it to simply: mynetworks = 127.0.0.0/8 1.2.3.4/24 192.16

Re: mynetworks rules don't appear to be working

2011-11-03 Thread kshitij mali
Will you please show me how the my network statement is defined, I mean how the directive is declared in the main.cf file, because by default my network only gives access to the local host machine. Please see the below sample config of mine: mynetworks = cidr:/etc/postfix/network_table smtpd_recipient_rest

Re: mynetworks rules don't appear to be working

2011-11-03 Thread list
Ah yes, cidr format. Thanks for the help, I have changed the config to reflect the cidr formatted tables. On Thu, 03 Nov 2011 12:48:07 -0500, Noel Jones wrote: > On 11/3/2011 11:58 AM, l...@airstreamcomm.net wrote: >> In mynetworks I have the following IP configured (among others): >> >> 204.9.1

Re: mynetworks rules don't appear to be working

2011-11-03 Thread Noel Jones
On 11/3/2011 11:58 AM, l...@airstreamcomm.net wrote: > In mynetworks I have the following IP configured (among others): > > 204.9.157.0/24 OK > > In main.cf mynetworks is listed in the recipient restrictions: > > smtpd_recipient_restrictions = > permit_mynetworks, > chec

Re: mynetworks rules don't appear to be working

2011-11-03 Thread list
Kshitij, To clarify we have three methods of relay. The first being the mynetworks, the second a dynamically generated file (popimap_access) that has remote ips for pop and imap clients added for relay, and the third is smtp auth. We need to be able to do all three methods. Thanks On Thu, 3 No

Re: mynetworks rules don't appear to be working

2011-11-03 Thread fafaforza
On 11/3/2011 12:58 PM, l...@airstreamcomm.net wrote: In mynetworks I have the following IP configured (among others): 204.9.157.0/24 OK In main.cf mynetworks is listed in the recipient restrictions: smtpd_recipient_restrictions = permit_mynetworks, check_client_acces

Re: mynetworks rules don't appear to be working

2011-11-03 Thread kshitij mali
HI Friend, Please confirm the file /etc/postfix/popimap_access has the below statement 204.9.157.0/24 OK and try with the following smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/popimap_access, reject_unauth_destination id

Re: mynetworks or sasl auth

2010-11-22 Thread b2
That's right. At 11:31 -0500 on 22.11.2010 (Mon), Rich wrote: > So your question is to have anyone on mynetwork to not have to > authenticate and have anyone who is not on mynetwork to have to > authenticate? > smtpd_sasl_exceptions_networks=$mynetworks > > > 2010/11/22 b2 > > Hi list,

Re: mynetworks or sasl auth

2010-11-22 Thread Rich
So your question is to have anyone on mynetwork to not have to authenticate and have anyone who is not on mynetwork to have to authenticate? *smtpd_sasl_exceptions_networks=$mynetworks* 2010/11/22 b2 > Hi list, > I have to setup my postfix virtual mailbox configuration to permit all > clients l

Re: mynetworks or sasl auth

2010-11-22 Thread b2
10x, I find the option that I needed: smtpd_sasl_exceptions_networks = $mynetworks At 16:57 +0100 on 22.11.2010 (Mon), postfix wrote: > http://www.postfix.org/SASL_README.html > > suomi > > On 2010-11-22 16:33, b2 wrote: > > Hi list, > > I have to setup my postfix virtual mailbox configurat

Re: mynetworks or sasl auth

2010-11-22 Thread postfix
http://www.postfix.org/SASL_README.html suomi On 2010-11-22 16:33, b2 wrote: Hi list, I have to setup my postfix virtual mailbox configuration to permit all clients listed in mynetworks without SASL authentication , but all others (remote networks/users) to authenticate themselves with username

Re: mynetworks hash tables

2010-05-04 Thread qiuyingbo
- Original message - From: Noel Jones Subject: Re: mynetworks hash tables Time: 4 May 2010 05:58:54 On 5/3/2010 4:30 PM, Gary Smith wrote: >>> I have a need to migrate some IP's from a static file to a hash file. These >> are singleton IP's (hash CIDR's). >>>> hash

Re: mynetworks hash tables

2010-05-04 Thread mouss
Noel Jones wrote: > On 5/3/2010 4:30 PM, Gary Smith wrote: I have a need to migrate some IP's from a static file to a hash file. These >>> are singleton IP's (hash CIDR's). >>> >>> hash != cidr >> >> It was meant to read "singleton IP's (not CIDR's)". I need to do a >> little more pr

Re: mynetworks hash tables

2010-05-03 Thread Noel Jones
On 5/3/2010 4:30 PM, Gary Smith wrote: I have a need to migrate some IP's from a static file to a hash file. These are singleton IP's (hash CIDR's). hash != cidr It was meant to read "singleton IP's (not CIDR's)". I need to do a little more proof reading before sending out these things.

RE: mynetworks hash tables

2010-05-03 Thread Gary Smith
> > I have a need to migrate some IP's from a static file to a hash file. These > are singleton IP's (hash CIDR's). > > hash != cidr It was meant to read "singleton IP's (not CIDR's)". I need to do a little more proof reading before sending out these things. > > i.e. would this be acceptable

Re: mynetworks hash tables

2010-05-03 Thread mouss
Gary Smith wrote: > I have a need to migrate some IP's from a static file to a hash file. These > are singleton IP's (hash CIDR's). hash != cidr > My understanding is this is just a verification table, so as long as it > exists (i.e. returns any value) it's considered allows if there is a m

RE: mynetworks hash tables

2010-05-03 Thread Gary Smith
> Sure, this is an improvement over what you had, but it seems strange > to me that mynetworks would be changing frequently. Perhaps SASL AUTH > is a better solution overall? They don't change very often. Most of the time the problem is when adding new servers to the mix and old config files are

Re: mynetworks hash tables

2010-05-03 Thread /dev/rob0
On Mon, May 03, 2010 at 07:51:30AM -0700, Gary Smith wrote: > I have a need to migrate some IP's from a static file to a hash > file. These are singleton IP's (hash CIDR's). My understanding is > this is just a verification table, so as long as it exists (i.e. > returns any value) it's consider

Re: mynetworks

2009-08-03 Thread LuKreme
On 3-Aug-2009, at 16:03, AMP Admin wrote: OH! So when I do it w/o the -d it shows my current config?! I do see mynetworks is correct now w/o the -d!!! run postconf -n for your settings minus the default. This is generally all you care about. Also, read man postconf And lastly, don't top

Re: mynetworks

2009-08-03 Thread Sahil Tandon
On Mon, 03 Aug 2009, AMP Admin wrote: > OH! So when I do it w/o the -d it shows my current config?! I do see > mynetworks is correct now w/o the -d!!! Yes, read the postconf(1) manual to understand the meaning of '-d' and other flags. > Thank you so much... sometimes it's the little things that

RE: mynetworks

2009-08-03 Thread AMP Admin
ostfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Sahil Tandon Sent: Monday, August 03, 2009 4:28 PM To: AMP Admin Cc: Subject: Re: mynetworks On Aug 3, 2009, at 5:03 PM, "AMP Admin" wrote: > Maybe a dumb question but I can’t seem to change mynetworks in main. > cf. > &

Re: mynetworks

2009-08-03 Thread Sahil Tandon
On Aug 3, 2009, at 5:03 PM, "AMP Admin" wrote: Maybe a dumb question but I can’t seem to change mynetworks in main.cf. I change it to something like: mynetworks = 127.0.0.0/8, xx.xx.xx.0/8, xx.xx.xxx.xxx, xx.xx.xxx.xxx # mynetworks_style = subnet Then I restart postfix and run postco