Need to understand mynetworks_style more

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Need to understand mynetworks_style more

durwin
In our live system, I have firewall forwarding port 25 to mail server.  That mail server then delivers mail to Domino server.

I am testing on a VM, and I have this much configured and working within our LAN.

I am unclear as to delivery restrictions.  The default for mynetworks_style is subnet, so email will be accepted from any machine on LAN.
Does this restrict email coming in from internet?  Since I can't test with live system, I can't forward port 25 to VM for testing.

My goal:
I am migrating from Sendmail.  In Sendmail I use virtusertable to pass only defined users on to Domino server.
The problem I am having with Sendmail is, it does not reject email to unknown users, even with
@mydomain.com        ERROR
at end of file.  I am hoping Postfix can do this.  So I need to know how to receive email from internet
and reject unknown users, preferable before initial handshaking is complete and the whole emaill has been
transferred.

Thank you



This email message and any attachments are for the sole use of the intended recipient(s) and may contain proprietary and/or confidential information which may be privileged or otherwise protected from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient(s), please contact the sender by reply email and destroy the original message and any copies of the message as well as any attachments to the original message.
Reply | Threaded
Open this post in threaded view
|

Re: Need to understand mynetworks_style more

Noel Jones-2
On 6/27/2018 2:44 PM, [hidden email] wrote:

> In our live system, I have firewall forwarding port 25 to mail
> server.  That mail server then delivers mail to Domino server.
>
> I am testing on a VM, and I have this much configured and working
> within our LAN.
>
> I am unclear as to delivery restrictions.  The default for
> mynetworks_style is subnet, so email will be accepted from any
> machine on LAN.
> Does this restrict email coming in from internet?  Since I can't
> test with live system, I can't forward port 25 to VM for testing.
>
> My goal:
> I am migrating from Sendmail.  In Sendmail I use virtusertable to
> pass only defined users on to Domino server.
> The problem I am having with Sendmail is, it does not reject email
> to unknown users, even with
> @mydomain.com        ERROR
> at end of file.  I am hoping Postfix can do this.  So I need to know
> how to receive email from internet
> and reject unknown users, preferable before initial handshaking is
> complete and the whole emaill has been
> transferred.
>
> Thank you

The mynetworks and mynetworks_style settings are for which machines
will be able to relay mail.  Any machine should be able to send mail
to relay_domains, which is where your internal server should be listed.

Typically, you would set mynetworks manually to specify the allowed
hosts/subnets and mynetworks_style won't be used.

Assuming your internal domain is listed in relay_domains, valid
users are listed in relay_recipient_maps, or postfix can use
reject_unverified_recipient to build a list automatically with
address probes.

A minimal config example can be found here:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

Some other pertinent pages:
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/ADDRESS_VERIFICATION_README.html



  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Need to understand mynetworks_style more

durwin
Thank you.  That clarifies it for me.  I will look at those links.

Durwin




From:        Noel Jones <[hidden email]>
To:        [hidden email]
Date:        06/27/2018 02:01 PM
Subject:        Re: Need to understand mynetworks_style more
Sent by:        [hidden email]




On 6/27/2018 2:44 PM, [hidden email] wrote:
> In our live system, I have firewall forwarding port 25 to mail
> server.  That mail server then delivers mail to Domino server.
>
> I am testing on a VM, and I have this much configured and working
> within our LAN.
>
> I am unclear as to delivery restrictions.  The default for
> mynetworks_style is subnet, so email will be accepted from any
> machine on LAN.
> Does this restrict email coming in from internet?  Since I can't
> test with live system, I can't forward port 25 to VM for testing.
>
> My goal:
> I am migrating from Sendmail.  In Sendmail I use virtusertable to
> pass only defined users on to Domino server.
> The problem I am having with Sendmail is, it does not reject email
> to unknown users, even with
> @mydomain.com        ERROR
> at end of file.  I am hoping Postfix can do this.  So I need to know
> how to receive email from internet
> and reject unknown users, preferable before initial handshaking is
> complete and the whole emaill has been
> transferred.
>
> Thank you

The mynetworks and mynetworks_style settings are for which machines
will be able to relay mail.  Any machine should be able to send mail
to relay_domains, which is where your internal server should be listed.

Typically, you would set mynetworks manually to specify the allowed
hosts/subnets and mynetworks_style won't be used.

Assuming your internal domain is listed in relay_domains, valid
users are listed in relay_recipient_maps, or postfix can use
reject_unverified_recipient to build a list automatically with
address probes.

A minimal config example can be found here:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

Some other pertinent pages:
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/ADDRESS_VERIFICATION_README.html



 -- Noel Jones




This email message and any attachments are for the sole use of the intended recipient(s) and may contain proprietary and/or confidential information which may be privileged or otherwise protected from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient(s), please contact the sender by reply email and destroy the original message and any copies of the message as well as any attachments to the original message.
Reply | Threaded
Open this post in threaded view
|

Re: Need to understand mynetworks_style more

durwin
In reply to this post by Noel Jones-2
[hidden email] wrote on 06/27/2018 02:00:42 PM:

> From: Noel Jones <[hidden email]>

> To: [hidden email]
> Date: 06/27/2018 02:01 PM
> Subject: Re: Need to understand mynetworks_style more
> Sent by: [hidden email]
>
> On 6/27/2018 2:44 PM, [hidden email] wrote:
> > In our live system, I have firewall forwarding port 25 to mail
> > server.  That mail server then delivers mail to Domino server.
> >
> > I am testing on a VM, and I have this much configured and working
> > within our LAN.
> >
> > I am unclear as to delivery restrictions.  The default for
> > mynetworks_style is subnet, so email will be accepted from any
> > machine on LAN.
> > Does this restrict email coming in from internet?  Since I can't
> > test with live system, I can't forward port 25 to VM for testing.
> >
> > My goal:
> > I am migrating from Sendmail.  In Sendmail I use virtusertable to
> > pass only defined users on to Domino server.
> > The problem I am having with Sendmail is, it does not reject email
> > to unknown users, even with
> > @mydomain.com        ERROR
> > at end of file.  I am hoping Postfix can do this.  So I need to know
> > how to receive email from internet
> > and reject unknown users, preferable before initial handshaking is
> > complete and the whole emaill has been
> > transferred.
> >
> > Thank you
>
> The mynetworks and mynetworks_style settings are for which machines
> will be able to relay mail.  Any machine should be able to send mail
> to relay_domains, which is where your internal server should be listed.


Where does Postfix look for mail servers to REJECT connections out right?
Like Sendmail's 'access'.

>
> Typically, you would set mynetworks manually to specify the allowed
> hosts/subnets and mynetworks_style won't be used.
>
> Assuming your internal domain is listed in relay_domains, valid
> users are listed in relay_recipient_maps, or postfix can use
> reject_unverified_recipient to build a list automatically with
> address probes.
>
> A minimal config example can be found here:
>
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
>
> Some other pertinent pages:
>
http://www.postfix.org/ADDRESS_CLASS_README.html
>
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
>
>
>
>   -- Noel Jones



This email message and any attachments are for the sole use of the intended recipient(s) and may contain proprietary and/or confidential information which may be privileged or otherwise protected from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient(s), please contact the sender by reply email and destroy the original message and any copies of the message as well as any attachments to the original message.
Reply | Threaded
Open this post in threaded view
|

Re: Need to understand mynetworks_style more

Noel Jones-2
On 6/27/2018 3:09 PM, [hidden email] wrote:

>
> Where does Postfix look for mail servers to REJECT connections out
> right?
> Like Sendmail's 'access'.

Postfix uses access control maps, specified in main.cf

http://www.postfix.org/SMTPD_ACCESS_README.html

http://www.postfix.org/documentation.html



  -- Noel Jones