Valid examples for mynetworks file

Valid examples for mynetworks file

Olaf313
Good day,

I am working on a migration from an IBM Domino SMTP server to Postfix. In
Domino we had SMTP_allow documents with IP addresses of systems allowed for
sending mails via this server.

Standard IP addresses are fine so I add them like:

192.168.148.52 OK

As far as I understand, are *names* like system2.acme.com allowed in the
mynetworks file?
So this would be OK:

system2.acme.com OK

What about wildcards * ? Would that also be OK or do I need to translate it
into CIDR?

192.168.*.*  OK      
or
192.168.50.* OK

Thank you,
Olaf



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Re: Valid examples for mynetworks file

Wietse Venema
Olaf313:
> Good day,
>
> I am working on a migration from an IBM Domino SMTP server to Postfix. In
> Domino we had SMTP_allow documents with IP addresses of systems allowed for
> sending mails via this server.
>
> Standard IP addresses are fine so I add them like:
>
> 192.168.148.52 OK

Whether this is valid depends on how Postfix reads the file.

> As far as I understand, are *names* like system2.acme.com allowed in the
> mynetworks file?

Please clarify what you mean by 'the mynetworks file': Postfix
accepts mynetworks settings from a variety of sources:

- mynetworks setting in main.cf,

- A text file that contains the same syntax as the mynetworks setting
in main.cf, for example, mynetworks = ... /file/name ...

- An indexed file that contains one entry per record, for example,
mynetworks = ... hash:/etc/postfix/filename ..., or
mynetworks = ... ldap:/etc/postfix/ldap-config-file ... In this case
the lookup result may be any non-empty string.

What syntax is valid depends on context.

        Wietse

Re: Valid examples for mynetworks file

Noel Jones-2
In reply to this post by Olaf313
On 6/7/2018 8:10 AM, Olaf313 wrote:

> Good day,
>
> I am working on a migration from an IBM Domino SMTP server to Postfix. In
> Domino we had SMTP_allow documents with IP addresses of systems allowed for
> sending mails via this server.
>
> Standard IP addresses are fine so I add them like:
>
> 192.168.148.52 OK
>
> As far as I understand, are *names* like system2.acme.com allowed in the
> mynetworks file?
> So this would be OK:
>
> system2.acme.com OK
>
> What about wildcards * ? Would that also be OK or do I need to translate it
> into CIDR?
>
> 192.168.*.*  OK      
> or
> 192.168.50.* OK
>
> Thank you,
> Olaf


Postfix supports several map types for mynetworks.  Each map type
has its own valid syntax.  You can use more than one map for a
complex mynetworks definition. Domain names are allowed, but not
recommended. Some map types support wildcards.

http://www.postfix.org/postconf.5.html#mynetworks
http://www.postfix.org/DATABASE_README.html




  -- Noel Jones

Re: Valid examples for mynetworks file

Viktor Dukhovni
In reply to this post by Wietse Venema


> On Jun 7, 2018, at 10:40 AM, Wietse Venema <[hidden email]> wrote:
>
>> As far as I understand, are *names* like system2.acme.com allowed in the
>> mynetworks file?

Whitelisting based on DNS names is allowed, but fragile and
NOT recommended for inbound mail.  With name-based whitelists,
a transient failure in DNS lookups can cause mail to be
incorrectly rejected.  It is possible to do this correctly
with care on the submission service or dedicated outbound-only
smarthosts. For example on the submission port (587),

   main.cf:
        msa_client_restrictions =
                permit_sasl_authenticated,
                reject_unknown_client,
                permit_mynetworks,
                reject

   master.cf:
        submission inet ... smtpd
          ...
          -o smtpd_client_restrictions=$msa_client_restrictions
          ...

For dedicated outbound services, using "reject_unknown_client"
turns temporary DNS lookup problems into tempfail conditions,
allowing upstream null clients to retry.

--
        Viktor.


Re: Valid examples for mynetworks file

Olaf313
In reply to this post by Wietse Venema
Sorry for the missing details:

I have added this to the default line in main.cf:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 hash:/etc/postfix/SMTP_allow.txt

then run the command

        postmap SMTP_allow.txt  (created the db file)
        postfix reload








--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Re: Valid examples for mynetworks file

Wietse Venema
Olaf313:

> Sorry for the missing details:
>
> I have added this to the default line in main.cf:
>
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 hash:/etc/postfix/SMTP_allow.txt
>
> then run the command
>
>         postmap SMTP_allow.txt  (created the db file)
>         postfix reload

In that case each line has one host on the left,
and some non-empty string on the right.

        Wietse
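
An added example, not part of the thread or of Postfix itself: one way to do the wildcard-to-CIDR translation asked about in the first post, turning trailing-octet wildcards into `network/prefix OK` lines in the pattern-and-result layout of a Postfix `cidr:` table (cidr_table(5)). Using a `cidr:` table instead of the `hash:` table from the thread is an assumption of this example, and the sample entries are constructed from the ones in the question.

```python
import ipaddress

# Constructed sample, modelled on the entries in the question above.
SAMPLE = """\
192.168.148.52 OK
192.168.*.* OK
192.168.50.* OK
system2.acme.com OK
10.*.7.1 OK
"""

def to_cidr(key):
    """Return CIDR text for an IPv4 address or trailing-wildcard pattern, else None."""
    octets = key.split(".")
    if len(octets) != 4:
        return None                       # host name or malformed address
    stars = 0
    while octets and octets[-1] == "*":   # only trailing wildcards map onto a prefix
        octets.pop()
        stars += 1
    if not octets:
        return None                       # "*.*.*.*" would allow every client
    try:
        net = ipaddress.ip_network(".".join(octets + ["0"] * stars) + f"/{32 - 8 * stars}")
    except ValueError:
        return None                       # wildcard in the middle, bad octet, ...
    return str(net)

def convert(lines):
    """Split entries into cidr-table lines and keys that need manual review."""
    table, review = [], []
    for line in lines:
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        cidr = to_cidr(fields[0])
        if cidr:
            table.append(f"{cidr} OK")
        else:
            review.append(fields[0])
    return table, review

if __name__ == "__main__":
    table, review = convert(SAMPLE.splitlines())
    print("\n".join(table))
    for key in review:
        print(f"# needs manual review: {key}")
```

A `cidr:` table is a plain text file that Postfix reads directly, so it does not need a `postmap` run before `postfix reload`.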