Hello Noel,

> While you can use an IP in mynetworks, it is only resolved on
> startup, ...

I am using an IP at the moment; did you mean I can use an A record as well (since you talk about resolution next)?

I didn't know about $max_use and $max_idle. I also didn't know that a possible A record will only be resolved on startup. A configuration that would serve as a workaround due to this behaviour makes me think it might not be worth it. I will have a go on the TLS solution you suggested though.

Thank you very much for your help!

Vasilis

On Sat, Jul 23, 2016 at 6:40 PM, Noel Jones <[email protected]> wrote:

> On 7/23/2016 12:12 PM, Vasileios Vlachos wrote:
> > Hello,
> >
> > My mail server is running postfix 2.11.3-1 on Debian 8.5.
> >
> > In order for my home server to be able to send mail to my mail
> > server to my domain, I have installed postfix on it (same version of
> > postfix as my server and same OS as the server as well) and
> > configured it as a smarthost.
> >
> > So given my mail server is responsible for mydomain.com,
> > I have done the following to my home server:
> >
> > /etc/mailname : mydomain.com
> > /etc/postfix/main.cf : relayhost = box.mydomain.com # MX record for mydomain.com
> >
> > Now, on the mail server, every "*_restrictions" option, allows
> > "mynetworks" ("permit_mynetworks" appears first in the list). The
> > "mynetworks" option includes the IP of my home server which makes
> > the entire thing work. However, I cannot guarantee that this IP
> > won't change. I use HE's free DDNS service for this reason and I
> > have a DNS A record which points to my home firewall.
> >
> > The question is, can I use this A record in the "mynetworks" option
> > of my mail server, or it only takes IP/IP ranges? If not, is there a
> > way to achieve what I want? I had a look on the documentation first
> > and I have a feeling the answer is no, but I am not 100% sure and I
> > thought I'd ask here.
> >
>
> While you can use an IP in mynetworks, it is only resolved on
> startup, so it won't automatically change when your home server
> changes. This might still kinda work since smtpd restarts fairly
> often, after $max_use or $max_idle, and you can use
> smtp_delivery_status_filter to convert any relay denied messages
> into temporary failures. This will mostly work, but may not be 100%
> reliable, so an OK low-volume solution if you don't mind messing
> with it once in a while.
>
> http://www.postfix.org/postconf.5.html#smtp_delivery_status_filter
>
> The proper solution is to use some sort of authentication. For two
> postfix servers, using self-signed TLS certificates for mutual auth
> is pretty easy. Alternately, you can use SASL authentication, which
> may be a little more to set up. Either way will work fine once
> configured.
>
> http://www.postfix.org/TLS_README.html
> http://www.postfix.org/SASL_README.html
>
> -- Noel Jones
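
The mutual TLS setup suggested in the quoted reply, sketched as an added example that is not part of the original thread or anyone's actual configuration. The certificate paths, the `home-server` label, the choice of sha256 and the angle-bracket fingerprint placeholders are assumptions; the IP address is a constructed documentation address.

```conf
# ---- Mail server (box.mydomain.com): /etc/postfix/main.cf ----
# Before: relay permission depends on the home server's current IP
# (constructed address), so it breaks whenever the address changes.
#   mynetworks = 127.0.0.0/8 203.0.113.10
# After: only local addresses are trusted by IP; the home server is
# recognised by its client certificate fingerprint instead.
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_tls_security_level = may
# Assumed paths for the server's self-signed certificate and key.
smtpd_tls_cert_file = /etc/postfix/tls/box.pem
smtpd_tls_key_file = /etc/postfix/tls/box.key
# Ask connecting clients for a certificate without requiring one,
# so ordinary inbound mail is unaffected.
smtpd_tls_ask_ccert = yes
# Postfix 2.11 defaults to md5 fingerprints; sha256 is chosen here.
smtpd_tls_fingerprint_digest = sha256
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_tls_clientcerts,
    reject_unauth_destination

# /etc/postfix/relay_clientcerts holds one line per allowed client;
# run "postmap /etc/postfix/relay_clientcerts" after editing it:
#   <HOME_CERT_SHA256_FINGERPRINT>  home-server
# The fingerprint is read from the home server's certificate with:
#   openssl x509 -noout -fingerprint -sha256 -in /etc/postfix/tls/home.pem

# ---- Home server: /etc/postfix/main.cf ----
relayhost = box.mydomain.com
# Assumed paths for the home server's self-signed certificate and key,
# presented to the mail server as the client certificate.
smtp_tls_cert_file = /etc/postfix/tls/home.pem
smtp_tls_key_file = /etc/postfix/tls/home.key
# Pin the mail server's self-signed certificate as well, so the
# authentication is mutual and mail is never sent without TLS.
smtp_tls_security_level = fingerprint
smtp_tls_fingerprint_digest = sha256
smtp_tls_fingerprint_cert_match = <BOX_CERT_SHA256_FINGERPRINT>
```

If other `*_restrictions` lists on the mail server rely on `permit_mynetworks` to admit the home server, `permit_tls_clientcerts` goes next to it in those lists too.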
