On Sat, May 09, 2009 at 11:08:46AM -0400, Chas wrote:
> > On Fri, May 08, 2009 at 12:20:26PM -0400, Comtois, Andre wrote:
> >
> >>
> >> I'm having mixed results getting this to work. My postfix server
> >> accepts emails and relays them to the exchange server just fine, however
> >> it also seems to have no issues relaying emails to gmail.com as well, so
> >> I'm not sure how to restrict it to only accepting messages destined for
> >> my domain.
> >
> >
> > http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
> > http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to
> >
> > If your receiving system in the DMZ is behind a NAT device that translates
> > source addresses from the Internet to a fixed DMZ source IP address,
> > be SURE TO EXCLUDE that address from "mynetworks".
>
> Viktor, could you please be a bit more specific on this one? Are you
> saying to exclude the NATed IP or the Internet IP?
Don't NAT the SOURCE IP addresses of clients that connect TO your
server. Your server's own address can be subjected to NAT, but see the
documentation for the "proxy_interfaces" parameter.
> > Be sure to not NAT internal clients (your Exchange servers), or NAT them
> > to a different IP.
>
> This one is not clear to me either. I'm trying to setup 2 servers behind a
> Pix firewall, Postfix server before Exchange, both NAT'ed on the same
> subnet but both represented by 'real' external IP's on the ineternet. Will
> this not work properly?
It will work provided you don't SOURCE NAT.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
