Loading ...
Sorry, an error occurred while loading the content.
 

Re: How is it: mynetworks = 127.0.0.0/8 yet local network users are able to send.

Expand Messages
  • mouss
    ... always use postconf -n to see the value of parameters. main.cf may contain duplicate definitions or typos. ... you are new to this list, so please accept
    Message 1 of 9 , Jun 2, 2009
      Sthu Pous a écrit :
      > Good day.
      >
      > Could You please, explain me how it is possible for the users from local net to
      > send mail if we have in main.cf:
      >

      always use 'postconf -n' to see the value of parameters. main.cf may
      contain duplicate definitions or typos.

      > mynetworks = 127.0.0.0/8
      >
      > ?
      >

      you are new to this list, so please accept some friendly advice (this is
      to help you get the most out of this list):
      - always provide full details: what happens, what you want, ... and
      here, prefer clarity over anything else (people may understand terms
      differently, so try to express your problem in a way as to maximize
      understanding, "possibly at the expense of anything else" ;-p).
      - show relevant postfix logs ("normal" logging. only show verbose
      logging after you've been asked).
      - show your config (at start, 'postconf -n' output. then if asked,
      master.cf).

      while it may be clear for you that "users should not send mail", this is
      not clear to us. indeed, in almost all setups,

      - anyone can send mail to your domains
      - anyone can send mail anywhere using the sendmail command
      - anyone can do anything using $random software. in short, there is no
      evidence that your users are using postfix. said otherwise, nothing in
      your mail tells us that users are posting via postfix. postfix logs are
      needed.



      > And moreover, how I can reduce the mail sending only for the users (their IPs
      > and authorization) so that at the same time the users could get their emails
      > from outside world?
      >

      what do you really mean here? sending mail and receiving mail (in the
      sense: mail is delivered to their mailbox) and reading mail are three
      (3) different things.

      it may be easier for you to specify
      - who should send mail (under what conditions)
      - who should receive mail (under which conditions)
    • Sthu Pous
      ... Interesting to note, but on postconf -d I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24 from whence it comes? - I have no mynetworks file.
      Message 2 of 9 , Jun 3, 2009
        Thank You for Your time and answer, Carlos:

        > So for those three machines above to be able to send email using
        > Postfix, I need add the
        > following to '/etc/postfix/mynetworks':
        >
        > 127.0.0.0/8
        > 10.1.0.0/16
        >
        > Try that, reload Postfix and try and send email. Hope that helps. Also
        > your logs should show
        > some errors if not resolving.

        Interesting to note, but on

        postconf -d

        I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24

        from whence it comes? - I have no mynetworks file.
      • Wietse Venema
        ... The command postconf -d does NOT show main.cf. Formatting page, please wait...Done. POSTCONF(1) POSTCONF(1) NAME postconf - Postfix
        Message 3 of 9 , Jun 3, 2009
          Sthu Pous:
          > Thank You for Your time and answer, Carlos:
          >
          > > So for those three machines above to be able to send email using
          > > Postfix, I need add the
          > > following to '/etc/postfix/mynetworks':
          > >
          > > 127.0.0.0/8
          > > 10.1.0.0/16
          > >
          > > Try that, reload Postfix and try and send email. Hope that helps. Also
          > > your logs should show
          > > some errors if not resolving.
          >
          > Interesting to note, but on
          >
          > postconf -d
          >
          > I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24
          >
          > from whence it comes? - I have no mynetworks file.

          The command "postconf -d" does NOT show main.cf.

          Formatting page, please wait...Done.

          POSTCONF(1) POSTCONF(1)

          NAME
          postconf - Postfix configuration utility
          ...

          -d Print default parameter settings instead of actual
          settings.
          ...
          -n Print parameter settings that are not left at their
          built-in default value, because they are explicitly
          specified in main.cf.
        • Ralf Hildebrandt
          ... postconf -d shows the defaults -- Ralf Hildebrandt Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
          Message 4 of 9 , Jun 3, 2009
            * Sthu Pous <sthu.pous@...>:

            > Interesting to note, but on
            >
            > postconf -d
            >
            > I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24
            >
            > from whence it comes?

            postconf -d shows the defaults
            --
            Ralf Hildebrandt
            Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
            http://www.computerbeschimpfung.de
            Computer /nm./: a device designed to speed and automate errors.
            -- From the Jargon File.
          • Barney Desmond
            ... That s well and good, but -d is for defaults, don t use it to make judgements. All that matters is what you see here and now with `postconf -n`, which you
            Message 5 of 9 , Jun 3, 2009
              2009/6/3 Sthu Pous <sthu.pous@...>:
              > Interesting to note, but on
              >
              > postconf -d
              >
              > I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24


              That's well and good, but -d is for defaults, don't use it to make
              judgements. All that matters is what you see here and now with
              `postconf -n`, which you haven't shown us.

              This might also be of interest:
              http://www.postfix.org/postconf.5.html#mynetworks_style

              The default is "subnet", which will include your attached networks.
              For an internet-facing MX this may be undesirable. When you use
              `postconf -d`, it will assume "subnet", so you have to interpret
              "mynetworks" with that in mind.

              > from whence it comes? - I have no mynetworks file.

              The docs explain this:
              http://www.postfix.org/postconf.5.html#mynetworks
              "Specify a list of network addresses or network/netmask patterns,
              separated by commas and/or whitespace. You can also specify
              "/file/name" or "type:table" patterns"
              I'd dare say the "normal" configuration for most of us is just putting
              your networks directly in main.cf, but you have the freedom to make it
              external.


              As mouss suggested, your query is unclear. I can think of two interpretations:
              1. "I've set mynetworks=127.0.0.0/8 in main.cf but for some reason
              machines on my LAN can relay mail out to the internet, how do I stop
              this?"
              2. "I've set mynetworks=127.0.0.0/8 in main.cf and I want to allow
              machines on my LAN to relay mail out to the internet, how do I make
              this possible?"
            • Sthu Pous
              ... Ok, but still how can it be that postconf -n gives me: mynetworks = 127.0.0.0/8 yet company mail users can send/get their mail w/ outward world can send to
              Message 6 of 9 , Jun 11, 2009
                Thank You for Your time and answer, Wietse:

                > > postconf -d
                > >
                > > I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24
                > >
                > > from whence it comes? - I have no mynetworks file.
                >
                > The command "postconf -d" does NOT show main.cf.

                Ok, but still how can it be that postconf -n gives me:

                mynetworks = 127.0.0.0/8

                yet company mail users can send/get their mail w/ outward world can send to
                them mail as well?
              • Sthu Pous
                ... I have (postconf -n): mynetworks = 127.0.0.0/8 yet company mail users can send/get their mail to/from outward world. And this is my question. What I want
                Message 7 of 9 , Jun 11, 2009
                  Thank You for Your time and answer, Barney:

                  > As mouss suggested, your query is unclear. I can think of two interpretations:
                  > 1. "I've set mynetworks=127.0.0.0/8 in main.cf but for some reason
                  > machines on my LAN can relay mail out to the internet, how do I stop
                  > this?"
                  > 2. "I've set mynetworks=127.0.0.0/8 in main.cf and I want to allow
                  > machines on my LAN to relay mail out to the internet, how do I make
                  > this possible?"

                  I have (postconf -n):

                  mynetworks = 127.0.0.0/8

                  yet company mail users can send/get their mail to/from outward world. And this
                  is my question.

                  What I want is this:

                  company users (having IPs 192.168.0.*) should get/send email;
                  all the world should only send email to the company users.

                  Also, my another question is on security topic: is possible (with some
                  miscofiguration of postfix/amavis/etc) that a hacker from outside world can get
                  root privileges on my OS? If yes, what are those configuration options that I
                  should check and what should be there values to provide secure email server?

                  Can You recommend a good email server manual (regarding postfix) - some
                  step by step tutorial w/ good explanation of things - as the documentation
                  that I read from postfix.org is not clear to me - as a lot of explanatory
                  stuff is out of there (to me)?
                Your message has been successfully submitted and would be delivered to recipients shortly.