On 7/23/2016 12:12 PM, Vasileios Vlachos wrote: > Hello, > > My mail server is running postfix 2.11.3-1 on Debian 8.5. > > In order for my home server to be able to send mail to my mail > server to my domain, I have installed postfix on it (same version of > postfix as my server and same OS as the server as well) and > configured it as a smarthost. > > So given my mail server is responsible for mydomain.com > <http://mydomain.com>, I have done the following to my home server: > > /etc/mailname : mydomain.com <http://mydomain.com> > /etc/postfix/main.cf <http://main.cf> : relayhost = box.mydomain.com > <http://box.mydomain.com> # MX record for mydomain.com > <http://mydomain.com> > > Now, on the mail server, every "*_restrictions" option, allows > "mynetworks" ("permit_mynetworks" appears first in the list). The > "mynetworks" option includes the IP of my home server which makes > the entire thing work. However, I cannot guarantee that this IP > won't change. I use HE's free DDNS service for this reason and I > have a DNS A record which points to my home firewall. > > The question is, can I use this A record in the "mynetworks" option > of my mail server, or it only takes IP/IP ranges? If not, is there a > way to achieve what I want? I had a look on the documentation first > and I have a feeling the answer is no, but I am not 100% sure and i > thought I'd ask here. >
While you can use an IP in mynetworks, it is only resolved on startup, so it won't automatically change when your home server changes. This might still kinda work since smtpd restarts fairly often, after $max_use or $max_idle, and you can use smtp_delivery_status_filter to convert any relay denied messages into temporary failures. This will mostly work, but may not be 100% reliable, so an OK low-volume solution if you don't mind messing with it once in a while. http://www.postfix.org/postconf.5.html#smtp_delivery_status_filter The proper solution is to use some sort of authentication. For two postfix servers, using self-signed TLS certificates for mutual auth is pretty easy. Alternately, you can use SASL authentication, which may be a little more to set up. Either way will work fine once configured. http://www.postfix.org/TLS_README.html http://www.postfix.org/SASL_README.html -- Noel Jones
