Discussion:
control ip address who uses postfix
(too old to reply)
Kristofferson Campilan
2017-03-02 06:03:44 UTC
Permalink
Hi All,

this is my main.cf,i wanna control the the relaying by IP address,thisconfig works but ip addresses not listed on "mynetworks" can still relay emails

#################### Gmail Relay Config ############################

myhostname = donotreply.example.com
myorigin = example.com
relayhost = [smtp-relay.gmail.com]:25
#relayhost = [smtp-relay.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
mydomain = example.com
relay_domains = $mydomain
message_size_limit = 0
inet_interfaces = 192.168.*.* ,127.0.0.1

###################################################### Allowed Networks #########################################################################################################################################
mynetworks = 192.168.1.0/24,192,168.3.0/24

###################################################### Allowed Networks #########################################################################################################################################


#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks

###########Replace HEADERS to ***@example.com##############
#sender_canonical_classes = envelope_sender, header_sender
sender_canonical_classes = envelope_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
#smtp_header_checks = regexp:/etc/postfix/header_check
###########Replace HEADERS to ***@example.com##############

#debug_peer_list=smtp-relay.gmail.com
#debug_peer_level=3
#################### Gmail Relay Config ############################


thank you
Bob Nichols
2017-03-02 13:46:52 UTC
Permalink
Post by Kristofferson Campilan
this is my main.cf,i wanna control the the relaying by IP address,thisconfig works but ip addresses not listed on "mynetworks" can still relay emails
...
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks
All *_restrictions parameters end with an implicit "permit" action,
which is used if none of the restrictions in the list apply to the
message being handled. "permit_mynetworks" only applies to messages
from mynetworks, so the final implicit "permit" will apply to messages
from elsewhere. In order to reject relay attempts from outside
mynetworks, you need to add an explicit "reject" after "permit_mynetworks":

smtpd_relay_restrictions = permit_mynetworks, reject


(This assumes that this Postfix instance is purely an outbound gateway
from your local network to your gmail account. If it also needs to
accept incoming messages from anywhere, you should use
"reject_unauth_destination" instead of "reject").
--
for e-mail remove .invalid
Loading...