Kristofferson Campilan
2017-03-02 06:03:44 UTC
Hi All,
this is my main.cf,i wanna control the the relaying by IP address,thisconfig works but ip addresses not listed on "mynetworks" can still relay emails
#################### Gmail Relay Config ############################
myhostname = donotreply.example.com
myorigin = example.com
relayhost = [smtp-relay.gmail.com]:25
#relayhost = [smtp-relay.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
mydomain = example.com
relay_domains = $mydomain
message_size_limit = 0
inet_interfaces = 192.168.*.* ,127.0.0.1
###################################################### Allowed Networks #########################################################################################################################################
mynetworks = 192.168.1.0/24,192,168.3.0/24
###################################################### Allowed Networks #########################################################################################################################################
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks
###########Replace HEADERS to ***@example.com##############
#sender_canonical_classes = envelope_sender, header_sender
sender_canonical_classes = envelope_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
#smtp_header_checks = regexp:/etc/postfix/header_check
###########Replace HEADERS to ***@example.com##############
#debug_peer_list=smtp-relay.gmail.com
#debug_peer_level=3
#################### Gmail Relay Config ############################
thank you
this is my main.cf,i wanna control the the relaying by IP address,thisconfig works but ip addresses not listed on "mynetworks" can still relay emails
#################### Gmail Relay Config ############################
myhostname = donotreply.example.com
myorigin = example.com
relayhost = [smtp-relay.gmail.com]:25
#relayhost = [smtp-relay.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
mydomain = example.com
relay_domains = $mydomain
message_size_limit = 0
inet_interfaces = 192.168.*.* ,127.0.0.1
###################################################### Allowed Networks #########################################################################################################################################
mynetworks = 192.168.1.0/24,192,168.3.0/24
###################################################### Allowed Networks #########################################################################################################################################
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks
###########Replace HEADERS to ***@example.com##############
#sender_canonical_classes = envelope_sender, header_sender
sender_canonical_classes = envelope_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
#smtp_header_checks = regexp:/etc/postfix/header_check
###########Replace HEADERS to ***@example.com##############
#debug_peer_list=smtp-relay.gmail.com
#debug_peer_level=3
#################### Gmail Relay Config ############################
thank you