postfix incoming only on external
Hi All. I'm wanting to accept only incoming email (i.e. that which is destined for my network) on the external interface, yet outgoing on internal interfaces. In fact, I want to have it listen on one port to allow outgoing, and only incoming on port 25. Then I can alter pf.conf to disallow connection from anything not AT&T network so I can still use my phone.
Can anybody help with the configuration help I need for postfix?
__________________
anything done in the GUI is done more efficiently in cli |
|
|||
just in case
In case my attempts at being clear failed me again..
Ideal configuration
ext_if: accept smtp for locally hosted domain only on port 25
ext_if: accept smtp for any domain on an ambiguous high number port (later to be locked down to a range of ips matching my mobile phone network)
int_if: accept smtp for any domain on port 25

Secondary configuration
ext_if: accept smtp for locally hosted domain only on port 25
int_if: accept smtp for any domain on port 25

Specifically what to change in postfix main.cf or whatever to accomplish this would be wonderful. I'm sure somebody knows postfix. Thanks in advance for any help anybody can provide.
__________________
anything done in the GUI is done more efficiently in cli |
|
|||
I still don't understand which problem you are trying to solve
Are you aware that nowadays many mail installations use port 587 (with TLS/SSL) for their users to submit mail? Users have to authenticate with username and password and an encrypted channel is being used. For example gmail
Code:
Outgoing Mail (SMTP) Server - requires TLS: smtp.gmail.com (use authentication)
Use Authentication: Yes
Use STARTTLS: Yes (some clients call this SSL)
Port: 465 or 587
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
understanding
J65nko,
Yes, thank you. I am familiar with this configuration, but unfortunately it is not what I was going for here. If anybody can help out with what I've described, please help. If my description is still unclear, please let me know. I'm not sure how else to describe it though. As this mail server will be the authoritative smtp server for a working domain, it obviously needs to be able to allow connections on port 25. However, I don't want this to open me up as a relay for others. This is where the different configuration for the internal interface vs. the external interface comes in.
__________________
anything done in the GUI is done more efficiently in cli |
|
|||
Using SMTP AUTH on port 587 lets you do exactly what you want, selective relaying.
I will shut up now
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Figured it out
j65nko, no need to shut up. I appreciate the help. You have always been very helpful and knowledgeable. At this point I'm not wanting to implement ssl, but as it turns out, what I'm wanting to accomplish is very doable by simply understanding the postconf a bit better. For anybody who might be thinking they want what I was describing, here is what I learned:
mydestination = $myhostname, localhost.$mydomain, localhost
relay_domains = $mydestination
mynetworks = 10.x.x.0/24, 172.x.x.0/24

The domains referenced in "mydestination" are allowed as domains which this server will "relay for" and therefore allow anybody who connects to submit mail for that domain. The "mynetworks" is automatically allowed to relay to any domain. This is exactly what I was looking for. If I wanted to, I could add a block of IPs belonging to my phone network in "mynetworks" so that I can send email from my phone.

Thanks again for your willingness to help j65nko. You are one of the integral reasons this forum (now and its first incarnation) is one of the very best. BSD is only as good to new people as the people supporting it.
__________________
anything done in the GUI is done more efficiently in cli |
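
How Postfix's relay check treats the three settings in the final post, as an added Python model that is not part of the thread or of Postfix itself. It assumes the default `permit_mynetworks` followed by `reject_unauth_destination`, and uses constructed values (`example.org`, `10.0.0.0/24`, `172.16.0.0/24`, `203.0.113.7`) in place of the elided ones.

```python
import ipaddress

# Constructed values standing in for the elided 10.x.x.0/24 and 172.x.x.0/24.
MYHOSTNAME = "mail.example.org"
MYDOMAIN = "example.org"
MYNETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/24", "172.16.0.0/24")]
# mydestination = $myhostname, localhost.$mydomain, localhost
MYDESTINATION = {MYHOSTNAME, "localhost." + MYDOMAIN, "localhost"}
# relay_domains = $mydestination
RELAY_DOMAINS = set(MYDESTINATION)


def in_mynetworks(client_ip):
    """permit_mynetworks: the client address falls inside a trusted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in MYNETWORKS)


def authorized_destination(domain):
    """reject_unauth_destination passes local domains and relay_domains.

    Simplified model: relay_domains also matches subdomains (Postfix default);
    virtual domains and inet_interfaces address literals are not modelled.
    """
    domain = domain.lower().rstrip(".")
    if domain in MYDESTINATION:
        return True
    return any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS)


def rcpt_decision(client_ip, rcpt):
    """Return 'permit' or 'reject' for one RCPT TO from one client."""
    if in_mynetworks(client_ip):
        return "permit"  # trusted clients may relay to any domain
    domain = rcpt.rsplit("@", 1)[-1]
    return "permit" if authorized_destination(domain) else "reject"


if __name__ == "__main__":
    cases = [  # (client address, recipient), all constructed
        ("203.0.113.7", "user@mail.example.org"),  # outside, local domain
        ("203.0.113.7", "someone@example.net"),    # outside, relay attempt
        ("10.0.0.15", "someone@example.net"),      # inside mynetworks
        ("203.0.113.7", "user@example.org"),       # bare $mydomain not listed
    ]
    for ip, rcpt in cases:
        print(f"{ip:<12} -> {rcpt:<24} {rcpt_decision(ip, rcpt)}")
```

The last case shows that mail addressed to the bare `$mydomain` is refused from outside unless that domain is also listed in `mydestination`. The third shows that every address inside `mynetworks` may relay to any domain, which is the trust a carrier-wide IP block would receive if added there.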