Hi Chad,

I'm resurfacing an issue from about a month ago, on my transition to Postfix.  I've simply not had the time to worry about my internal stuff not working, until now.

Your original recommendation was:

"Change your "mynetworks" line in /etc/postfix/main.cf to something like
this if you want to allow the whole 192.168.0.0/16 network to be able to
relay through it:

mynetworks = 127.0.0.0/8 [::1]/128 192.168.0.0/16

Then restart Postfix and see if that helps:

systemctl restart postfix"

I did this, but find that, when I execute the postfix restart, the main.cf gets rewritten.

Unfortunately that seems correct. I just checked this part of that mechanism and it's not entirely working as intended for that particular purpose:

In /etc/postfix/main.cf the line "mynetworks" is reserved and you cannot edit it. It will get overwritten on Postfix restarts with the IP addresses that you have bound to your server.

The *intended* mechanism for allowing to relay is under "Server Management" / "Network Services" / "Email" in the "Advanced" tab.

The idea is to allow all hosts listed in "Relay Email From Hosts/Domains/IP Addresses" to relay through your server.

However: In our current Postfix implementation that adds entries to /etc/postfix/access like this:

test.smd.net   RELAY

But if "Enable SMTP Auth" is active, that then trips Saslauthd and relaying is denied, because the sender didn't authenticate.

You're right: In practical terms the IPs of allowed senders would need to go into "mynetworks" instead of stuffing them into /etc/postfix/access. The issue here is that we've sort of ported the Sendmail config to the Postfix config and in Sendmail you can use the access file to allow relaying w/o tripping SMTP-Auth. In Postfix it's a different story.

The complication is that the GUI field "Relay Email From Hosts/Domains/IP Addresses" accepts both IPs and domain names, but the "mynetworks" line in Postfix just accepts IPs. So I'll have to throw in some extra cogs and wheels to make sure that only IPs end up in the "mynetworks" line. But this is doable.

I'll play around with it tomorrow and will see if I can work this out and then we'll have a YUM update ready to fix this in the next few days.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
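
An added example (not part of the original message and not BlueOnyx code): one way to split a mixed relay list so that only IP addresses and CIDR networks reach the `mynetworks` line, while host and domain names stay in the access map. The function names, the loopback defaults and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Assumed defaults, taken from the mynetworks line quoted in the thread.
LOOPBACK = ["127.0.0.0/8", "[::1]/128"]


def split_relay_entries(entries):
    """Split a mixed relay list into (mynetworks tokens, host/domain names)."""
    networks, names = [], []
    for raw in entries:
        item = raw.strip()
        if not item:
            continue
        # Accept the bracketed IPv6 form Postfix uses, e.g. [::1]/128.
        candidate = item.replace("[", "").replace("]", "")
        try:
            net = ipaddress.ip_network(candidate, strict=False)
        except ValueError:
            # Not an IP or CIDR: treat it as a host or domain name.
            names.append(item.lower())
            continue
        if net.prefixlen == 0:
            # A /0 entry would let every host relay; refuse it outright.
            raise ValueError(f"refusing catch-all network: {item}")
        if net.version == 6:
            token = f"[{net.network_address}]/{net.prefixlen}"
        else:
            token = str(net)
        if token not in networks:
            networks.append(token)
    return networks, names


def render_mynetworks(networks):
    """Build the main.cf line: loopback first, then the trusted networks."""
    merged = list(LOOPBACK)
    merged += [n for n in networks if n not in merged]
    return "mynetworks = " + " ".join(merged)


if __name__ == "__main__":
    # Constructed sample input mixing networks, a single host IP and a name.
    sample = ["192.168.0.0/16", "test.smd.net", "10.1.2.3", "2001:db8::/32"]
    nets, hosts = split_relay_entries(sample)
    print(render_mynetworks(nets))
    print("names left for the access map:", hosts)
```
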
