On 04/24/2017 11:54 PM, Viktor Dukhovni wrote:
On Apr 24, 2017, at 5:43 PM, Robert Moskowitz <r...@htt-consult.com> wrote:

http://www.postfix.org/postconf.5.html#smtpd_authorized_xforward_hosts

I read that too.  Can I specify $mynetworks ?
Quote:

        Specify a list of network/netmask patterns, separated by commas and/or
        whitespace. The mask specifies the number of bits in the network part
        of a host address. You can also specify hostnames or .domain names (the
        initial dot causes the domain to match any name below it),
        "/file/name" or "type:table" patterns.  A "/file/name" pattern is
        replaced by its contents; a "type:table" lookup table is matched when a
        table entry matches a lookup string (the lookup result is ignored).
        Continue long lines by starting the next line with whitespace. Specify
        "!pattern" to exclude an address or network block from the list. The
        form "!/file/name" is supported only in Postfix version 2.4 and later.

        Note: IP version 6 address information must be specified inside [] in
        the smtpd_authorized_xforward_hosts value, and in files specified with
        "/file/name".  IP version 6 addresses contain the ":" character, and
        would otherwise be confused with a "type:table" pattern.

As with the vast majority of Postfix parameters, "$variable" expansion
applies.  However, you generally should not use $mynetworks here.  More
typically that should just be "127.0.0.1" for allowing xforward data to
flow across a local SMTP content filter.  Even if some xforward systems
are truly separate upstream hosts, I'd recommend setting this separately
from mynetworks.

Thanks Viktor,

I did: postconf -e smtpd_authorized_xforward_hosts="127.0.0.1"

postfix reload

then

sendmail -i r...@htt-consult.com < /usr/share/doc/amavisd-new-2.10.1/test-messages/README

And amavis is complaining about Open relay. So looks very much like amavis is just not getting this right.

Apr 24 18:04:58 z9m9z amavis[29479]: (29479-02) LMTP [127.0.0.1]:10024 /var/spool/amavisd/tmp/amavis-20170424T102114-29479-kiPcalrA: <r...@z9m9z.test.htt-consult.com> -> <r...@htt-consult.com> SIZE=1424 Received: from z9m9z.test.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP for <r...@htt-consult.com>; Mon, 24 Apr 2017 18:04:58 -0400 (EDT)

Apr 24 18:04:58 z9m9z amavis[29479]: (29479-02) Checking: f4bZ8Ga89YJd [127.0.0.1] <r...@z9m9z.test.htt-consult.com> -> <r...@htt-consult.com>

Apr 24 18:04:58 z9m9z amavis[29479]: (29479-02) Open relay? Nonlocal recips but not originating: r...@htt-consult.com
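
The address-list syntax quoted above, as an added example that is not part of the original thread and is not Postfix's own code: a simplified Python model of such a list, assuming left-to-right evaluation where the first matching pattern decides. It handles only network/netmask patterns, "!" exclusions and bracketed IPv6 (hostnames, files and tables are not modelled), and the list values and client addresses are constructed to show how much wider a $mynetworks-style value is than "127.0.0.1".

```python
import ipaddress
import re

# Constructed sample values (not from the thread's configuration).
LOOPBACK_ONLY = "127.0.0.1"
MYNETWORKS_STYLE = "127.0.0.0/8, 192.168.1.0/24 [::1]/128"
WITH_EXCLUSION = "!192.168.1.20 192.168.1.0/24"

def parse_patterns(value):
    """Split a list on commas/whitespace into (negated, network) pairs."""
    patterns = []
    for tok in re.split(r"[,\s]+", value.strip()):
        if not tok:
            continue
        negated = tok.startswith("!")
        tok = tok[1:] if negated else tok
        # IPv6 must be bracketed: [addr] or [addr]/prefixlen
        m = re.fullmatch(r"\[([0-9A-Fa-f:.]+)\](?:/(\d+))?", tok)
        if m:
            tok = m.group(1) + ("/" + m.group(2) if m.group(2) else "")
        elif ":" in tok or tok.startswith("/"):
            # Unbracketed ":" reads as type:table; "/..." is a file name.
            raise ValueError("not handled in this model: " + tok)
        patterns.append((negated, ipaddress.ip_network(tok)))
    return patterns

def authorized(client_ip, value):
    """True if client_ip is allowed by the list (first match decides)."""
    addr = ipaddress.ip_address(client_ip)
    for negated, net in parse_patterns(value):
        if addr.version == net.version and addr in net:
            return not negated
    return False  # no pattern matched

def allowed_clients(value, clients):
    """Return the subset of clients that the list would authorize."""
    return [c for c in clients if authorized(c, value)]

if __name__ == "__main__":
    clients = ["127.0.0.1", "192.168.1.20", "192.168.1.21", "::1"]
    for name, value in [("loopback", LOOPBACK_ONLY),
                        ("mynetworks-style", MYNETWORKS_STYLE),
                        ("with exclusion", WITH_EXCLUSION)]:
        print(name, "->", allowed_clients(value, clients))
```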

