Re: Allowing relay from IP subnet
- On Mon, Mar 04, 2013 at 03:03:03PM +0100, Andy Smith wrote:
> debug_peer_list = 192.168.16.19 192.168.16.141If this were your configuration, logs for connections from these
clients would be verbose. Are they?
> imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.credThis is an Apple-specific customization, make sure it is appropriate
for your site.
> mynetworks = 127.0.0.0/8, [::1]/128, 192.168.16.0/24This is generally sufficient to permit hosts in 192.168.16.0/24 to
relay, with no further non-default settings.
> smtpd_client_restrictions =This is pointless, it is equivalent to the default:
Just remove this setting from main.cf.
> smtpd_recipient_restrictions =This is the default setting, just remove this from main.cf (don't
set it empty, rather don't assign any value at all, e.g. comment
> smtpd_tls_ciphers = mediumThese are harmless, but pointless unless you enable TLS via
> tls_random_source = dev:/dev/urandom
"-o ..." options in master.cf.
> smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULLYou should not customize cipher exclusion for no reason. The
defaults work better.
Are there any "smtpd -o ..." options in master.cf?
> use_sacl_cache = yesApple-specific, find out what it does.
> Mar 4 12:33:52 server.domain.com postfix/smtpd: connect fromNo evidence of debug logging, likely your Postfix is not using
> Mar 4 12:33:52 server.domain.com postfix/smtpd: NOQUEUE:
> reject: RCPT from unknown[192.168.16.19]: 554 5.7.1
> <asmith@...>: Relay access denied; from=<root@...>
> to=<asmith@...> proto=ESMTP helo=<iMac-de-Ana-Bru-2.domain.com>
> Mar 4 12:33:52 server.domain.com postfix/smtpd: disconnect
> from unknown[192.168.16.19]
the main.cf file you're showing.
> I'm left with the understandingThis setting has no effect at all.
> that smtpd_client_restrictions = permit_mynetworks
> permit_sasl_authenticated permit should be sufficient but it doesnt
> I also tried adding the smtpd_recipient_restrictions configThis is the default, and permits clients in mynetworks. So likely
> line as this wasn't present initially, but this made no difference.
your server is using a different main.cf file.