On 04/24/2017 11:54 PM, Viktor Dukhovni wrote:
On Apr 24, 2017, at 5:43 PM, Robert Moskowitz <r...@htt-consult.com> wrote:
http://www.postfix.org/postconf.5.html#smtpd_authorized_xforward_hosts
I read that too. Can I specify $mynetworks ?
Quote:
Specify a list of network/netmask patterns, separated by commas and/or
whitespace. The mask specifies the number of bits in the network part
of a host address. You can also specify hostnames or .domain names (the
initial dot causes the domain to match any name below it),
"/file/name" or "type:table" patterns. A "/file/name" pattern is
replaced by its contents; a "type:table" lookup table is matched when a
table entry matches a lookup string (the lookup result is ignored).
Continue long lines by starting the next line with whitespace. Specify
"!pattern" to exclude an address or network block from the list. The
form "!/file/name" is supported only in Postfix version 2.4 and later.
Note: IP version 6 address information must be specified inside [] in
the smtpd_authorized_xforward_hosts value, and in files specified with
"/file/name". IP version 6 addresses contain the ":" character, and
would otherwise be confused with a "type:table" pattern.
As with the vast majority of Postfix parameters, "$variable" expansion
applies. However, you generally should not use $mynetworks here. More
typically that should just be "127.0.0.1" for allowing xforward data to
flow across a local SMTP content filter. Even if some xforward systems
are truly separate upstream hosts, I'd recommend settings this separately
from mynetworks.
Thanks Viktor,
I did: postconf -e smtpd_authorized_xforward_hosts="127.0.0.1"
postfix reload
then
sendmail -i r...@htt-consult.com <
/usr/share/doc/amavisd-new-2.10.1/test-messages/README
And amavis is complaining about Open relay. So looks very much like
amavis is just not getting this right.
Apr 24 18:04:58 z9m9z amavis[29479]: (29479-02) LMTP [127.0.0.1]:10024
/var/spool/amavisd/tmp/amavis-20170424T102114-29479-kiPcalrA:
<r...@z9m9z.test.htt-consult.com> -> <r...@htt-consult.com> SIZE=1424
Received: from z9m9z.test.htt-consult.com ([127.0.0.1]) by localhost
(z9m9z.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with
LMTP for <r...@htt-consult.com>; Mon, 24 Apr 2017 18:04:58 -0400 (EDT)
Apr 24 18:04:58 z9m9z amavis[29479]: (29479-02) Checking: f4bZ8Ga89YJd
[127.0.0.1] <r...@z9m9z.test.htt-consult.com> -> <r...@htt-consult.com>
Apr 24 18:04:58 z9m9z amavis[29479]: (29479-02) Open relay? Nonlocal
recips but not originating: r...@htt-consult.com