postfix mynetworks question

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

postfix mynetworks question

Charles Amstutz

Hi everyone,

 

I’m seeing that you can move the trusted networks (mynetworks) in main.cf  from a single line to a file.   My question is this: in the file format,  is it one IP per Line or do you still put It on one line seprating out by commas?  Also, is it safe to put comments in that file? I’d like to document which IP is what.

 

I know these are basic questions, but looking for answers.

Reply | Threaded
Open this post in threaded view
|

Re: postfix mynetworks question

Wietse Venema
Charles Amstutz:
> Hi everyone,
>
> I'm seeing that you can move the trusted networks (mynetworks) in
> main.cf  from a single line to a file.   My question is this: in
> the file format,  is it one IP per Line or do you still put It on
> one line seprating out by commas?  Also, is it safe to put comments
> in that file? I'd like to document which IP is what.

As documented it depends on the kind of file.

> I know these are basic questions, but looking for answers.

Quoting from http://www.postfix.org/postconf.5.html#mynetworks

In main.cf:

    Specify a list of network addresses or network/netmask patterns,
    separated by commas and/or whitespace. Continue long lines by
    starting the next line with whitespace.

    The netmask specifies the number of bits in the network part
    of a host address.

    You can also specify "/file/name" or "type:table" patterns.

In a "/file/name"

    A "/file/name" pattern is replaced by its contents. So the
    contents have the same format as main.cf.

    In the examples section, this is shown as
    "mynetworks = $config_directory/mynetworks"

In a  "type:table"

    A "type:table" lookup table is matched when a table entry matches
    a lookup string (the lookup result is ignored).

    In the examples section, this is shown as
    "mynetworks = hash:/etc/postfix/network_table".

The description assumes that you know how to use hash: and other
Postfix lookup tables.

        Wietse
"
Reply | Threaded
Open this post in threaded view
|

Re: postfix mynetworks question

Wietse Venema
Wietse Venema:

> Charles Amstutz:
> > Hi everyone,
> >
> > I'm seeing that you can move the trusted networks (mynetworks) in
> > main.cf  from a single line to a file.   My question is this: in
> > the file format,  is it one IP per Line or do you still put It on
> > one line seprating out by commas?  Also, is it safe to put comments
> > in that file? I'd like to document which IP is what.
>
> As documented it depends on the kind of file.
>
> > I know these are basic questions, but looking for answers.
>
> Quoting from http://www.postfix.org/postconf.5.html#mynetworks
>
> In main.cf:
>
>     Specify a list of network addresses or network/netmask patterns,
>     separated by commas and/or whitespace. Continue long lines by
>     starting the next line with whitespace.
>
>     The netmask specifies the number of bits in the network part
>     of a host address.
>
>     You can also specify "/file/name" or "type:table" patterns.
>
> In a "/file/name"
>
>     A "/file/name" pattern is replaced by its contents. So the
>     contents have the same format as main.cf.
>
>     In the examples section, this is shown as
>     "mynetworks = $config_directory/mynetworks"
>
> In a  "type:table"
>
>     A "type:table" lookup table is matched when a table entry matches
>     a lookup string (the lookup result is ignored).
>
>     In the examples section, this is shown as
>     "mynetworks = hash:/etc/postfix/network_table".
>
> The description assumes that you know how to use hash: and other
> Postfix lookup tables.

You can have #comment at the start of a line in hash:/etc/postfix/network_table (http://www.postfix.org/postmap.1.html).

You can have #comment at the start of a line in main.cf
(http://www.postfix.org/postconf.5.html)

You can't have comments in "/file/name"
(because http://www.postfix.org/postconf.5.html does not say you can have
comments here).

You can't have comments anywhere else.
(because http://www.postfix.org/postmap.1.html and http://www.postfix.org/postconf.5.html don't say that you can have comments there).

        Wietse


Reply | Threaded
Open this post in threaded view
|

Re: postfix mynetworks question

Noel Jones-2
On 4/1/2020 10:48 AM, Wietse Venema wrote:

> Wietse Venema:
>> Charles Amstutz:
>>> Hi everyone,
>>>
>>> I'm seeing that you can move the trusted networks (mynetworks) in
>>> main.cf  from a single line to a file.   My question is this: in
>>> the file format,  is it one IP per Line or do you still put It on
>>> one line seprating out by commas?  Also, is it safe to put comments
>>> in that file? I'd like to document which IP is what.
>>
>> As documented it depends on the kind of file.
>>
>>> I know these are basic questions, but looking for answers.
>>
>> Quoting from http://www.postfix.org/postconf.5.html#mynetworks
>>
>> In main.cf:
>>
>>      Specify a list of network addresses or network/netmask patterns,
>>      separated by commas and/or whitespace. Continue long lines by
>>      starting the next line with whitespace.
>>
>>      The netmask specifies the number of bits in the network part
>>      of a host address.
>>
>>      You can also specify "/file/name" or "type:table" patterns.
>>
>> In a "/file/name"
>>
>>      A "/file/name" pattern is replaced by its contents. So the
>>      contents have the same format as main.cf.
>>
>>      In the examples section, this is shown as
>>      "mynetworks = $config_directory/mynetworks"
>>
>> In a  "type:table"
>>
>>      A "type:table" lookup table is matched when a table entry matches
>>      a lookup string (the lookup result is ignored).
>>
>>      In the examples section, this is shown as
>>      "mynetworks = hash:/etc/postfix/network_table".
>>
>> The description assumes that you know how to use hash: and other
>> Postfix lookup tables.
>
> You can have #comment at the start of a line in hash:/etc/postfix/network_table (http://www.postfix.org/postmap.1.html).
>
> You can have #comment at the start of a line in main.cf
> (http://www.postfix.org/postconf.5.html)
>
> You can't have comments in "/file/name"
> (because http://www.postfix.org/postconf.5.html does not say you can have
> comments here).
>
> You can't have comments anywhere else.
> (because http://www.postfix.org/postmap.1.html and http://www.postfix.org/postconf.5.html don't say that you can have comments there).
>
> Wietse
>
>


I suppose you could use a hash: or cidr: type table, and use the
comment for the (ignored) result.

Normally type:table maps don't support inline comments, but in this
special case the result is ignored (the presence of any result is
what postfix looks for), so it should work fine.



   -- Noel Jones