Configuration with a VPN

Damian McGuckin Tue, 10 Jan 2017 20:35:42 -0800

Apologies is this is really dumb, but I have an OpenSMTPD running on ansystem with 1 real internal network (em1) and 1 sandbox network (pppx0)

which is the network that NPPPD uses to mess with packets.


        em1     10.10.10.0/24
        pppx0   10.10.1.0/24

My definition of a local is anything on those networks. I want any suchmachine to be able to send email internally and externally. The externalinterface 'em0' does not let SMTP packets through from the outside world.


I am using the very basic configuration

        table aliases file:/etc/mail/aliases

        listen on lo0
        listen on em1

        accept for local alias <aliases> deliver to mbox
        accept from local for any relay

Anything from the VPN sandbox can get to anything on 10.10.10.0/24. No
firewall rules get in the way.

Doing a telnet to port 25 of the SMTPD server from a machine on the VPN,say 10.10.1.219 which resolves to the same network as the host, i.e.


        telnet 10.10.10.1 25

and then grok'ing SMTP, you get

  helo ex219.example.com
  250 fire1.example.com Hello ex219.example.com [10.10.1.219], pleased to ..
  mail from:<r...@example.com>
  250 2.0.0: Ok
  rcpt to:<dami...@esi.com.au>
  550 Invalid Recipient

The same happens talking from say 10.10.10.98, a system on the localnetwork.


Doing the same sequence on the system(10.10.10.1) on which OpenSMTP
does not result in an invalid recipient.

If I remove the last line and change it to

        accept from any for any relay

Everything works. This seems a bit open to me.

What is defined as local and how do I convince OpenSMTPD's concept oflocal to reflect mine, i.e. both


        10.10.10.0/24 and 10.10.1.0/24

I do not want to 'listen on' the NPPPD sandbox VPN network because I have
no idea what that does or how it does it.

I tried putting both the networks

        10.10.10.0
        10.10.1.0

into a file called networks and created a table

        table networks file:/etc/mail/networks

and did

        accept from source <networks> for any relay

But that did not work. Makemap objected to the format. And using it raw,
i.e. without creating a '.db. version failed also (in the same way).

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Configuration with a VPN

Reply via email to