Allowing all hosts that can connect to port 26 to be trusted networks

CRCinAU

May 4, 2020
Hi all,

So I have a mate that I'm relaying email via my PMG instance. He's on a dynamic IP - which due to DNS updates works fine for sending mail TO his mail server, but having mail sent via PMG port 26 becomes difficult because I can't add a dynamic IP to the list of trusted networks.

Given I have a firewall that *does* understand dynamic IPs etc, how can I allow relay access via any host that can connect to port 26?

I can't seem to add 0.0.0.0/0 or 0.0.0.0/2 and 127.0.0.0/2 as networks to emulate adding 0.0.0.0/0 as a trusted network.
 
> Given I have a firewall that *does* understand dynamic IPs etc, how can I allow relay access via any host that can connect to port 26?

Adapt the postfix config (https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine) to allow all IPs for the listener on port 26.

I'd strongly recommend against adding 0/0 to the trusted networks - as those are added to postfix `mynetworks`, which is allowed on the external port as well - you'd be creating an open relay that way.

I hope this helps!
 
I have a bash script that runs via crontab.

It knows the DDNS hostname(s) that are connecting to port 26.
It keeps track of their IP addresses.
If anything changes,
- it writes to /etc/pmg/mynetworks
- it runs pmgconfig sync to make it active.
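
A sketch of the cron job described in the post above, added here as an example; it is not the poster's script. The hostname is a placeholder, the `RESOLVER` hook and the `--run` switch are hypothetical, and the one-CIDR-per-line file format and sole ownership of the file are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script): sync DDNS-resolved /32s into PMG.
set -u

# Assumptions: placeholder hostname; one CIDR per line in the mynetworks file;
# this script is the only writer of that file.
DDNS_HOSTS="${DDNS_HOSTS:-relay-client.example.net}"
MYNETWORKS="${MYNETWORKS:-/etc/pmg/mynetworks}"
SYNC_CMD="${SYNC_CMD:-pmgconfig sync}"

# Resolve a hostname to IPv4 addresses. RESOLVER (hypothetical hook) lets the
# lookup be replaced for offline testing.
resolve_v4() {
    if [ -n "${RESOLVER:-}" ]; then "$RESOLVER" "$1"
    else getent ahostsv4 "$1" | awk '{print $1}'; fi
}

# Accept only a plain dotted quad, so a prefix such as 0.0.0.0/0 or any other
# unexpected resolver output can never reach the trusted list.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# Print one /32 per resolved address; fail if any host has no valid address.
build_list() {
    for host in $DDNS_HOSTS; do
        addrs=""
        for ip in $(resolve_v4 "$host"); do
            if is_ipv4 "$ip"; then addrs="$addrs $ip/32"; fi
        done
        [ -n "$addrs" ] || { echo "no valid IPv4 for $host" >&2; return 1; }
        printf '%s\n' $addrs
    done
}

# Rewrite the file and run the sync only when the resolved set changed.
# Returns 2 and leaves the file untouched when a lookup fails.
update_mynetworks() {
    new="$(build_list)" || return 2
    new="$(printf '%s\n' "$new" | sort -u)"
    if [ "$new" = "$(cat "$MYNETWORKS" 2>/dev/null)" ]; then return 0; fi
    printf '%s\n' "$new" > "$MYNETWORKS" || return 2
    $SYNC_CMD
}

# Run from cron as: <script> --run
if [ "${1:-}" = "--run" ]; then update_mynetworks; fi
```

Because entries in the trusted networks list are also honoured on the external port, as the earlier reply points out, the script only ever writes single-host /32 entries.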
 
> adapt the postfix config (https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine) to allow all IPs for the listener on port 26.

Had a chance to take a look at this today.

I've done modifications to templates before, so not a huge learning curve here - but on the postfix config side, if I'm understanding it right, I just have to add `-o mynetworks=0.0.0.0/0` to the section for pmg.mail.int_port (which is port 26 in my case) in master.cf.in

Does this seem sane?

The end result after pmgconfig sync is:

```
26       inet  n -       -       -       100      smtpd
  -o smtpd_proxy_filter=127.0.0.1:10023
  -o smtpd_proxy_options=speed_adjust
  -o smtpd_client_connection_count_limit=10
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_data_restrictions=
  -o smtpd_forbid_bare_newline=no
  -o mynetworks=0.0.0.0/0
```

That seems sane to me - but it's been a number of years since I've looked at postfix config now...