On Wed, Jan 11, 2017 at 03:35:13PM +1100, Damian McGuckin wrote:
> 
> Apologies if this is really dumb, but I have an OpenSMTPD running on a
> system with 1 real internal network (em1) and 1 sandbox network (pppx0)
> which is the network that NPPPD uses to mess with packets.
> 
>       em1     10.10.10.0/24
>       pppx0   10.10.1.0/24
> 
> My definition of a local is anything on those networks. I want any such
> machine to be able to send email internally and externally. The external
> interface 'em0' does not let SMTP packets through from the outside world.
> 
> I am using the very basic configuration
> 
>       table aliases file:/etc/mail/aliases
> 
>       listen on lo0
>       listen on em1
> 
>       accept for local alias <aliases> deliver to mbox
>       accept from local for any relay
> 
> Anything from the VPN sandbox can get to anything on 10.10.10.0/24. No
> firewall rules get in the way.
> 
> Doing a telnet to port 25 of the SMTPD server from a machine on the VPN, say
> 10.10.1.219 which resolves to the same network as the host, i.e.
> 
>       telnet 10.10.10.1 25
> 
> and then grok'ing SMTP, you get
> 
>   helo ex219.example.com
>   250 fire1.example.com Hello ex219.example.com [10.10.1.219], pleased to ..
>   mail from:<r...@example.com>
>   250 2.0.0: Ok
>   rcpt to:<dami...@esi.com.au>
>   550 Invalid Recipient
> 
> The same happens talking from say 10.10.10.98, a system on the local
> network.
> 
> Doing the same sequence on the system (10.10.10.1) on which OpenSMTPD
> runs does not result in an invalid recipient.
> 
> If I remove the last line and change it to
> 
>       accept from any for any relay
> 
> Everything works. This seems a bit open to me.
> 
> What is defined as local and how do I convince OpenSMTPD's concept of local
> to reflect mine, i.e. both
> 
>       10.10.10.0/24 and 10.10.1.0/24
> 
> I do not want to 'listen on' the NPPPD sandbox VPN network because I have
> no idea what that does or how it does it.
> 

What is defined as "local" is any IP address that is currently attached
to any interface that is currently listening.

"local" is really local to the machine, not to the network, in which case
you need to use "from source", which can express an IP address or a
subnet in CIDR notation.


> I tried putting both the networks
> 
>       10.10.10.0
>       10.10.1.0
> 
> into a file called networks and created a table
> 
>       table networks file:/etc/mail/networks
> 
> and did
> 
>       accept from source <networks> for any relay
> 
> But that did not work. Makemap objected to the format. And using it raw,
> i.e. without creating a '.db' version, failed also (in the same way).
> 

Very likely your makemap was missing an option; by default it creates a
mapping which expects two columns. Did you run it with "-t set" so that
it builds a set rather than a map?

Without seeing the error of the raw format (which is preferred, by the way)
it's hard to tell you why it doesn't work.


-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
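As an added illustration of the distinction Gilles draws (this is example code written for this page, not code from the thread or from OpenSMTPD itself), the following Python models how "accept from local" and "accept from source <networks>" classify the client addresses mentioned above. The listening addresses (lo0 and em1) and the contents of the networks table are constructed for the example; the one-column "set" layout of the table follows the "-t set" remark in the reply, and the bare-IP lines the original poster used are shown failing against a two-column map parser.

```python
import ipaddress

# Constructed: the addresses bound to the interfaces smtpd listens on in the
# thread (lo0 and em1). OpenSMTPD's "local" keyword matches connections that
# originate from one of these addresses, not from the whole subnet.
LISTENING_ADDRESSES = ["127.0.0.1", "10.10.10.1"]

# Constructed /etc/mail/networks in "set" layout: one key per line, no value
# column, CIDR notation. This is what "makemap -t set" or a raw file: table
# with "from source <networks>" expects.
NETWORKS_TABLE_SET = """\
# internal networks allowed to relay
10.10.10.0/24
10.10.1.0/24
"""

# Constructed: the bare-address lines from the original post, which a
# two-column (key/value) map parser rejects because the value is missing.
NETWORKS_TABLE_BARE = """\
10.10.10.0
10.10.1.0
"""


def parse_set_table(text):
    """Parse a one-column set table into a list of IP networks (CIDR)."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def parse_map_table(text):
    """Model of makemap's default two-column expectation: key + value.
    Raises ValueError on the first line that has no value column."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected key and value, got %r" % (lineno, line))
        entries[parts[0]] = parts[1]
    return entries


def is_local(client_ip, listening=LISTENING_ADDRESSES):
    """Model of "from local": the client address is one of the addresses
    attached to a listening interface (local to the host, not the subnet)."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip == ipaddress.ip_address(a) for a in listening)


def in_source_table(client_ip, table_text=NETWORKS_TABLE_SET):
    """Model of "from source <networks>": the client address falls inside one
    of the CIDR entries of the set table."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in parse_set_table(table_text))


def relay_allowed(client_ip, rule):
    """Which of the thread's rule shapes would accept relaying from client_ip."""
    if rule == "from local":
        return is_local(client_ip)
    if rule == "from source":
        return in_source_table(client_ip)
    if rule == "from any":
        return True  # the "works but too open" variant
    raise ValueError("unknown rule %r" % rule)


if __name__ == "__main__":
    for client in ["10.10.10.1", "10.10.10.98", "10.10.1.219", "203.0.113.7"]:
        print(client, "local:", is_local(client), "source table:", in_source_table(client))
    try:
        parse_map_table(NETWORKS_TABLE_BARE)
    except ValueError as err:
        print("two-column map parser rejects bare table:", err)
```

Run stand-alone, the script shows that only 10.10.10.1 itself counts as "local", while 10.10.10.98 and the VPN client 10.10.1.219 are accepted by the source table and the outside address 203.0.113.7 is not; the map parser's error on the bare-address file is the analogue of makemap objecting to the format.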
