Loading ...
Sorry, an error occurred while loading the content.
 

Re: Directive "mynetwork" and "mynetwork_style"

Expand Messages
  • Muhammad Yousuf Khan
    Thanks :)
    Message 1 of 5 , Dec 14, 2012
      Thanks :)


      On Fri, Dec 14, 2012 at 1:35 PM, Will <will@...> wrote:
      >
      > On 12/14/12 01:43, Muhammad Yousuf Khan wrote:
      >
      > i am confuse about the utilization of directives: "mynetwork" and
      > "mynetwork_style"
      >
      > is "mynetwork" directive completely dependent on "mynetwork_style".
      > can i use only "mynetwork" for relaying messages or i always have to
      > use "mynetwork_style" along with "mynetwork" to allow relaying to
      > particular host or subnet.
      >
      > thanks in advance.
      >
      > mynetworks and mynetworks_style are essentially mutually exclusive; you use
      > either one or the other. If you specify mynetworks, mynetworks_style is
      > ignored. Each is used to specify SMTP clients that are "trusted" by the
      > server based on their IP address. mynetworks_style is used to specify
      > trusted clients based on their relationship to the server's IP address,
      > while mynetworks is specifies trusted clients by explicitly giving their IP
      > addresses or an IP address range. For example, specifying "mynetworks_style
      > = subnet" indicates that all clients in that subnet are trusted, while
      > mynetworks = 50.116.33.0/24 might be used instead to say the same thing (if
      > 50.116.33.0/24 describes your subnet).
      >
      > These clients are "trusted" because the mynetworks (or mynetworks_style)
      > parameter is used by smtpd to determine who is allowed to relay mail when
      > the smtpd_relay_restrictions parameter contains "permit_mynetworks." If you
      > haven't changed smtpd_relay_restrictions in your config, it defaults to
      > "permit_mynetworks, reject_unauth_destination," which will allow those
      > clients listed in mynetworks (or mynetworks_style) to relay mail. You only
      > need to use mynetworks OR mynetworks_style (but not both) to enable relaying
      > from certain clients.
      >
      > Read the documentation when you get confused. It is explained quite clearly
      > here:
      > http://www.postfix.org/postconf.5.html#mynetworks
      > http://www.postfix.org/postconf.5.html#mynetworks_style
      > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
      >
      > -Will
      >
    • mouss
      ... and it is recommended to use mynetworks. This is because mynetwork_style may open a hole in some situations (when your netwmaks is wide but you only own
      Message 2 of 5 , Dec 14, 2012
        Le 14/12/2012 11:28, Muhammad Yousuf Khan a écrit :
        > Thanks :)
        >

        and it is recommended to use mynetworks. This is because mynetwork_style
        may open a hole in some situations (when your netwmaks is wide but you
        only own few boxes in the same network. this is generally the case for
        residential networks).

        you can generally start with
        mynetworks = 127.0.0.1
        and then add the minimum subnets or IPs that need to relay via this
        postfix without SASL authentication.

        [snip]
      • Benny Pedersen
        ... dont define them in main.cf if defaults works postconf -d | grep mynetwork eg postfix knows all data from the host it runs on anyway so add # to the lines
        Message 3 of 5 , Dec 15, 2012
          Muhammad Yousuf Khan skrev den 14-12-2012 08:43:
          > i am confuse about the utilization of directives: "mynetwork" and
          > "mynetwork_style"

          dont define them in main.cf if defaults works

          postconf -d | grep mynetwork

          eg postfix knows all data from the host it runs on anyway

          so add # to the lines with mynetwork, mynetwork_style to keep defaults

          > is "mynetwork" directive completely dependent on "mynetwork_style".
          > can i use only "mynetwork" for relaying messages or i always have to
          > use "mynetwork_style" along with "mynetwork" to allow relaying to
          > particular host or subnet.

          yes, the parameters only need to be changed if you know more or if you
          have 2 servers that have diff physical wan ips or same owner of the
          networks that are not known on the host you run one server on
        Your message has been successfully submitted and would be delivered to recipients shortly.