Gentoo Forums
Postfix relaying -- how to open up a little?
guero61
l33t
Joined: 14 Oct 2002
Posts: 811
Location: Behind you

Posted: Mon Apr 07, 2003 11:07 pm    Post subject: Postfix relaying -- how to open up a little?

I've set up postfix/courier-imap/ssl on a little machine, according to the Desktop guide, but have one major problem -- I'd like to use it as the mail server for my entire subnet (completely firewalled except for a few stealthed ports). However, even though I set the mynetworks variable to 192.168.0.0/29 127.0.0.0/8 (I only want the first 8 hosts to have access; anything beyond may not be one of my own boxen, but a friend's (LAN parties)).

The problem is, the server (192.168.0.1) refuses relays from my personal machine (192.168.0.2). Why, even though I supposedly have the "mynetworks" set correctly?
acidreign
Tux's lil' helper
Joined: 21 Apr 2002
Posts: 122
Location: Brisbane, Australia

Posted: Tue Apr 08, 2003 12:11 am    Post subject: Postfix

Shouldn't that be closing it up a little?

I don't know if this will help you, but here is the setup of my main.cf without the comments. If it was me, I'd just use the standard hostmask, and iptables the rest to hell.

acidreign@beta3 acidreign $ cat /etc/postfix/main.cf | grep -v ^# | grep -v ^$
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = beta3.no-ip.com
mydomain = beta3.no-ip.com
myorigin = beta3.no-ip.com
inet_interfaces = all
mydestination = beta3.no-ip.com
unknown_local_recipient_reject_code = 450
mynetworks = 192.168.1.0/24, 127.0.0.0/8
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases

mail_spool_directory = /var/spool/mail
luser_relay = postmaster@beta3.no-ip.com

local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /etc/postfix/sample
readme_directory = /usr/share/doc/postfix-X.X.X
guero61
l33t
Joined: 14 Oct 2002
Posts: 811
Location: Behind you

Posted: Tue Apr 08, 2003 3:57 am

*sigh*

Doesn't help. I know my hostmask is correct -- it's just a classless IP with a standard mask. Doesn't matter if I open it up to /24 or crank it down to /31, it still refuses to relay for my subnet.

Network address: 192.168.0.0
Subnet mask: 255.255.255.0
Gateway/Switch/NAT/DHCP: 192.168.0.254

Server: static IP 192.168.0.1
PC: static IP 192.168.0.2



***GOT IT***
The PC's running in Windows right now, which does NOT have a hosts entry for the server. Therefore, when trying to connect via DNS, it goes out of the network and back in -- no wonder postfix was denying it, it was coming from my world-visible IP!

So, if you're trying what I was and using a single mail server for a whole private network, MAKE SURE that the host is either name-resolvable on the local network (to prevent going outside) or that you enter the IP instead of the server name in your mail client. Happy hunting!
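One way to spot the situation described in the post above from the server side, as an added example that is not part of the original thread: it pulls the client address out of Postfix smtpd "Relay access denied" log lines and tests it against the mynetworks value. The log lines, the 203.0.113.7 address and all function names are constructed for illustration, and only plain address/CIDR entries in mynetworks are handled.

```python
import ipaddress
import re

# Client address in a Postfix smtpd relay rejection line.
REJECT_RE = re.compile(
    r"reject: RCPT from (?P<host>[^\[\s]*)\[(?P<ip>[0-9A-Fa-f:.]+)\]: "
    r"\d{3} .*Relay access denied")

def parse_networks(value):
    """Parse a mynetworks-style value: CIDRs separated by commas and/or spaces."""
    return [ipaddress.ip_network(tok, strict=False)
            for tok in re.split(r"[,\s]+", value.strip()) if tok]

RFC1918 = parse_networks("10.0.0.0/8 172.16.0.0/12 192.168.0.0/16")

def in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def classify_rejections(log_lines, mynetworks_value):
    """Return (ip, hostname, verdict) for each relay rejection found."""
    trusted = parse_networks(mynetworks_value)
    findings = []
    for line in log_lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if in_any(ip, trusted):
            verdict = "trusted"      # in mynetworks: some other restriction fired
        elif in_any(ip, RFC1918):
            verdict = "lan-outside"  # LAN host beyond the mask (e.g. a guest box)
        else:
            verdict = "external"     # arrived via the public side, as in the thread
        findings.append((ip, m.group("host"), verdict))
    return findings

# Constructed sample log lines (not from the thread); 203.0.113.7 stands in
# for the poster's world-visible address.
SAMPLE_LOG = [
    "Apr  7 22:58:03 mail postfix/smtpd[4711]: reject: RCPT from unknown[203.0.113.7]: "
    "554 <friend@example.org>: Relay access denied; from=<me@example.com>",
    "Apr  7 23:01:40 mail postfix/smtpd[4712]: reject: RCPT from unknown[192.168.0.9]: "
    "554 <friend@example.org>: Relay access denied; from=<guest@example.com>",
    "Apr  7 23:02:10 mail postfix/smtpd[4713]: connect from pc[192.168.0.2]",
]

if __name__ == "__main__":
    for ip, host, verdict in classify_rejections(SAMPLE_LOG, "192.168.0.0/29 127.0.0.0/8"):
        print(f"{ip:15} {host:10} {verdict}")
```

An "external" verdict for a machine that sits on the LAN is the sign that the client reached the server through its public name rather than its internal address.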
wolf31o2
Retired Dev
Joined: 31 Jan 2003
Posts: 628
Location: Mountain View, CA

Posted: Tue Apr 08, 2003 2:43 pm

That is exactly why I use the internal names for accessing internal machines.