Another Stupid Question of how to setup a secure Port 25 Relay
I have the system setup with postfix instead of sendmail. The problem I have is trying to figure out where to put the list of IP numbers where it will allow them relay to the outside world. I know there is supposed to be a file created or written to but it keeps running me in circles. Any help would be appreciated. Daryl
dhunt wrote:
I have the system setup with postfix instead of sendmail. The problem I have is trying to figure out where to put the list of IP numbers where it will allow them relay to the outside world.
I know there is supposed to be a file created or written to but it keeps running me in circles.
/etc/postfix/access ? -- Gruß, Andreas
----- Original Message -----
From: "Andreas Winkelmann"
dhunt wrote:
I have the system setup with postfix instead of sendmail. The problem I have is trying to figure out where to put the list of IP numbers where it will allow them relay to the outside world.
I know there is supposed to be a file created or written to but it keeps running me in circles.
/etc/postfix/access ?
You just made the improper conclusion that I know anything about the subject at hand. Shame on you(grin) I know there is a way to only allow certain email address, users, or outside ip numbers or blocks of ips to be able to relay mail through the Postfix system. I just haven't found it myself. So treat me like I am an idiot (which I just very well may be). Daryl
dhunt wrote:
I have the system setup with postfix instead of sendmail. The problem I
have is trying to figure out where to put the list of IP numbers where it will allow them relay to the outside world.
I know there is supposed to be a file created or written to but it keeps
running me in circles.
/etc/postfix/access ?
You just made the improper conclusion that I know anything about the subject at hand. Shame on you(grin)
;-)
I know there is a way to only allow certain email address, users, or outside ip numbers or blocks of ips to be able to relay mail through the Postfix system. I just haven't found it myself. So treat me like I am an idiot (which I just very well may be).
Want you to permit relaying from outside, or only from inside ? Configure Postfix's smtpd only to listen on the interfaces which are really necessary (inet_interfaces != all). Use authentification for relaying (smtp-auth (sasl) or pop-before-smtp). Hmm, /etc/postfix/access is a very insecure way from outside, because it's not very hard to fake IPs. -- Andreas
On Sat, 2003-08-02 at 04:28, dhunt wrote:
I have the system setup with postfix instead of sendmail. The problem I have is trying to figure out where to put the list of IP numbers where it will allow them relay to the outside world.
I use YaST to do these sorts of things. Unfortunately, there's no config parameter to set for this using the sysconfig editor. You need to add the parameter POSTFIX_ADD_MY_NETWORKS to /etc/sysconfig/postfix, and set it to include the IP addresses you need (like "192.168.0.1/24" or such). Then you need to add the parameter POSTFIX_ADD_SMTPD_RECIPIENT_RESTRICTIONS and set it to include "permit_mynetworks". Then I would recommend that you add POSTFIX_ADD_SMTPD_TLS_AUTH_ONLY and set it to "yes". Regards, dk
* Sat, 02 Aug 2003, dhunt@i70west.net:
I have the system setup with postfix instead of sendmail. The problem I have is trying to figure out where to put the list of IP numbers where it will allow them relay to the outside world.
I know there is supposed to be a file created or written to but it keeps running me in circles.
/etc/postfix/main.cf mynetworks = e.g. $ /usr/sbin/postconf mynetworks mynetworks = 192.168.2.0/24, 127.0.0.0/8 Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 27N , 4 29 45E. SuSE 8.2 x86 Kernel k_Athlon 2.4.20-4GB See headers for PGP/GPG info.
participants (4)
-
Andreas Winkelmann -
David Krider -
dhunt -
Theo v. Werkhoven