- Previous message: mouss: "Re: Stucked mail from amavis"
- Maybe in reply to: Thomas Burns: "Probably simple relay problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: mouss (no email)
Date: Tue Jan 03 2006 - 17:14:05 EST
Thomas Burns a écrit :
> Hi,
>
> I am having what I imagine is a really simple problem configuring
> postfix to relay mail. I am trying to set up a postfix server that
> will relay mail (newsletters) for a webapp. The relay server is
> running on a different server than the webapp. So, it needs to accept
> connections from the local subnet (or specific addresses, whichever is
> easier to setup). I am using version 2.0.10 (what ships with OS X 10.4).
>
> In main.cf, I set:
>
> mynetworks_style = subnet
define mynetworks explicitly instead of this. You are trusting all hosts
that match you ifconfig mask, including outsiders (people in the same
ISP network).
> smtpd_client_restrictions = permit_mynetworks, reject
You should add other checks to control what your webapp machine is doing
(to avoid having another prog on that box using email for example).
Examples:
- check that the heloname is the one you configured on your webapp
- reject non fqdn and weired addresses
- if your webapp uses a limited set of senders, make sure the sender is
in this set.
- you may add sasl auth if you can.
None of these will fully protect you but they may block "simple" attacks.
|
|
|