Loading ...
Sorry, an error occurred while loading the content.

SOLVED (of course): postfix stopped relaying after client changed IP address

Expand Messages
  • M. Fioretti
    there are times when a refreshing, if a bit embarrassing shock from others is the only way out of a problem. I can t remember how many times I DID check that
    Message 1 of 7 , Jan 29, 2013
    • 0 Attachment
      there are times when a refreshing, if a bit embarrassing "shock" from
      others is the only way out of a problem.

      I can't remember how many times I DID check that string I had typed to be
      sure there were no typos before posting for help, but of course, it was
      159, not 59, sorry.

      Thanks!
      of course, any comment on this is still welcome, as well as on any
      weakness in my server postconf -n output.

      Marco

      > 1) the control panel of my modem says my public IP address is 2.39.122.159
      > 2) which is the same address that postfix in the server sees, cfr the log
      > above
      > 3) but if I ask http://www.whatismyip.com/ what my current public IP
      > address is, I get a _different_ value 108.162.231.39
    • /dev/rob0
      ... The original issue was to be able to relay from a dynamic residential IP address on your server. Your solution, adding the dynamic IP to mynetworks, is
      Message 2 of 7 , Jan 30, 2013
      • 0 Attachment
        On Tue, Jan 29, 2013 at 12:22:35PM +0100, M. Fioretti wrote:
        > of course, any comment on this is still welcome, as well as on any
        > weakness in my server postconf -n output.

        The original issue was to be able to relay from a dynamic residential
        IP address on your server. Your solution, adding the dynamic IP to
        mynetworks, is less than ideal in many ways. For one thing, it's a
        high-maintenance solution, where you must change mynetworks with
        every IP address change. For another, what if you don't get to it?
        What if the new owner of your previous IP address is running malware
        with an open relay tester? What if that malware finds you? Ouch!

        The standard solution is SASL AUTH (typically also requiring TLS
        encryption for security.) This is covered here:

        http://www.postfix.org/SOHO_README.html#client_sasl_enable

        A less common, but very good, solution is TLS authentication, which
        is covered here:

        http://www.postfix.org/TLS_README.html#server_access

        If you don't want to get into all that, you can use a VPN like
        openvpn to make a tunnel through which to send your mail, and add
        your tunnel IP address to mynetworks.
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
      Your message has been successfully submitted and would be delivered to recipients shortly.