Postfix main.cf (mynetworks)

Walhalla

Jan 26, 2018
Hi,
The one point I really would like to change in main.cf (several others too) is mynetworks. You add:

1. the whole network of the server's IP -> 1.2.3.4/24

2. all the machines in transports -> 1.2.3.5, 1.2.3.6, ....

I really don't want to have ALL THE MACHINES of this network in mynetworks. Furthermore, it is senseless to add IPs from the network again (included in .../24).

20 domains in the transport table with the same host result in 20 identical entries in mynetworks. Imagine that one has 10.000 domains .... it becomes an "interesting" main.cf .... full of the same IP in mynetworks?!

Is there any way to modify main.cf so that the changes survive the next modification by the web?

Thanks & regards

Walhalla
 
See my other posts. I also suggest you take a look at our new API.
 
Yes, but do you think that this behaviour is correct? Adding the entire network as mynetworks?

@ API: I only found this in the manual ->

13.3. pmgsh - API Shell
Interactive session:

pmgsh

Directly call API functions:
pmgsh (get|set|create|help) <path> [OPTIONS]

and pmgsh help ->

help [path] [--verbose]
cd [path]
ls [path]

get /version

Is there any more information / are there HowTos available regarding this API?

Thanks Walhalla
 
Sorry to resurrect an old thread. I happen to agree with the OP (walhalla). Being on the same subnet doesn't mean carte blanche to send mail (the default for the internal port, permit_mynetworks,reject_unauth_destination, gives any host on the same subnet the ability to send mail anywhere for any domain).
From /usr/share/perl5/PVE/RESTHandler.pm:
    my $mynetworks = [ '127.0.0.0/8', '[::1]/128' ];

    if (my $int_net_cidr = PMG::Utils::find_local_network_for_ip($int_ip, 1)) {
        if ($int_net_cidr =~ m/^($IPV6RE)\/(\d+)$/) {
            push @$mynetworks, "[$1]/$2";
        } else {
            push @$mynetworks, $int_net_cidr;
        }
    }

That seems responsible for adding the network to postfix.mynetworks.
I don't see a way to neutralize it except removing postfix.mynetworks from the template or commenting out the code above in the source file.
I'd say don't do that and let the admin add whatever they want explicitly to /etc/pmg/mynetworks.
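
A way to check a generated mynetworks value for the problems raised in this thread: duplicate entries, single IPs already covered by the /24, and whole non-loopback networks trusted by permit_mynetworks. This is an added example, not part of any post and not Proxmox code; the function names and the sample value (built from the addresses used in the thread) are constructed, and it assumes only literal address/CIDR entries, not table lookups, file paths or `!` exclusions.

```python
import ipaddress

# Constructed sample: the addresses the thread uses, as they would pile up
# in a generated mynetworks line (one transport host listed twice).
SAMPLE = "127.0.0.0/8, [::1]/128, 1.2.3.4/24, 1.2.3.5, 1.2.3.5, 1.2.3.6"


def parse_mynetworks(value):
    """Parse literal mynetworks entries (comma- or whitespace-separated)."""
    nets = []
    for tok in value.replace(",", " ").split():
        # Postfix writes IPv6 as [addr]/len; ipaddress wants addr/len.
        tok = tok.replace("[", "").replace("]", "")
        # strict=False accepts host bits, so 1.2.3.4/24 becomes 1.2.3.0/24.
        nets.append(ipaddress.ip_network(tok, strict=False))
    return nets


def audit(value):
    """Report duplicates, covered entries, the minimal list and broad trust."""
    unique, duplicates = [], []
    for net in parse_mynetworks(value):
        (duplicates if net in unique else unique).append(net)

    # An entry is redundant when another entry of the same family contains it.
    covered = []
    for net in unique:
        for other in unique:
            if (other != net and other.version == net.version
                    and net.subnet_of(other)):
                covered.append((net, other))
                break

    redundant = {net for net, _ in covered}
    minimal = [net for net in unique if net not in redundant]
    # Every non-loopback network wider than one host is a range of clients
    # that permit_mynetworks allows to relay.
    broad = [n for n in minimal if not n.is_loopback and n.num_addresses > 1]
    return {
        "duplicates": [str(n) for n in duplicates],
        "covered": [(str(n), str(o)) for n, o in covered],
        "minimal": [str(n) for n in minimal],
        "broad": [str(n) for n in broad],
    }


if __name__ == "__main__":
    for key, items in audit(SAMPLE).items():
        print(f"{key}: {items}")
```

The value to audit on a running system can be taken from `postconf -h mynetworks`.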
 
Sorry for my first necro-post on the forum, but I couldn't help myself :p.
Triggered by the last post (probably a dormant member, or worse a left one, but always welcome to become active again) I almost came to the same conclusion.
But there is a more elegant solution via the mail filter rules, without touching templates or the source scripts.

Just create 1 rule blocking 1 or more IP Networks (who object) (e.g. several internal LANs).
Create another rule accepting specific IP Addresses (who object) with a higher priority than the block rule.

And if you want to get some logging for the clients when they are being blocked, you can set Before Queue Filtering to Yes in Mail proxy Options.
 
