[BlueOnyx:26521] Re: Postfix: Allow relay access by IP (and hostname)
Michael Stauber
mstauber at blueonyx.it
Mon Sep 25 20:59:37 -05 2023
Hi Chad,
> Your original recommendation was:
>
> "Change your "mynetworks" line in /etc/postfix/main.cf to something like
> this if you want to allow the whole 192.168.0.0/16 network to be able to
> relay through it:
>
> mynetworks = 127.0.0.0/8 [::1]/128 192.168.0.0/16
>
> I did this, but find that, when I execute the postfix restart, them
> main.cf gets rewritten, and mynetworks is updated to:
I just published base-email-* RPMs for BlueOnyx 5210R and 5211R which
fix this issue.
When you now restart Postfix, the "mynetworks" line in
/etc/postfix/main.cf will be rewritten to include the following:
- Localhost IPv4
- Localhost IPv6
- All IP addresses bound to your server
- All IPs and Hostnames from "Server Management" / "Network Services" /
"Email", "Advanced"-tab, field "Relay Email From Hosts/Domains/IP
Addresses"
So anything you specify under "Server Management" / "Network Services" /
"Email" / "Advanced"-tab, field "Relay Email From Hosts/Domains/IP
Addresses" will be allowed to relay through your server without
authentication. That turns your Postfix into an open relay for the
specified hosts or IPs.
Preferably you should *not* use Hostnames in that field, but only IPs.
But if need be, hostnames (of the sending servers) will also work, yet
these could be spoofed by someone who knows you allow that hostname to
relay.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list