Trusted Networks issue

sudoer

Active Member
Oct 1, 2019
22
2
43
Hi,

recently I discovered an issue which I was not able to solve so far:
Additionally to the IP Addresses under "Trusted Networks" in GUI we have some more public IP's in our postfix "mynetworks" configuration.
checked
- /etc/hosts
- /etc/pmg/templates/main.cf
- all files under /etc/pmg and /etc/postfix for the existence of one of the IP Adresses in question
--> found nothing

In /etc/pmg/templates/main.cf.in:
Code:
mynetworks = [% postfix.mynetworks %]

If I remove those Addresses directly in main.cf, they re-appear after any change in GUI, but they are not visible there.
Where else to check?
thanks.
 
Hi @sudoer (cool name btw!)

thanks for posting on the forum!

Please check the following two outputs:
pmgconfig dump
cat /etc/pmg/mynetworks

Depending on your configuration, this might interest you:
The PMG by default adds the default relay to the trusted networks, see [1]:
Code:
1575     # add default relay to mynetworks
1576     if (my $relay = $self->get('mail', 'relay')) {
1577         if ($relay =~ m/^$IPV4RE$/) {                                                                                   
1578             $mynetworks->{"$relay/32"} = 1;
1579         } elsif ($relay =~ m/^$IPV6RE$/) {
1580             $mynetworks->{"[$relay]/128"} = 1;                                                                         
1581         } else {
1582             # DNS name - do nothing ?
1583         }                                                                                                               
1584     }

Yours sincerely
Jonas

[1] https://git.proxmox.com/?p=pmg-api....e0bcc4cab5151a1b1dc545606b19565;hb=HEAD#l1575
 
Hi Jonas,

/etc/pmg/mynetworks reflects the config which is visible in GUI.

pmconfig dump indeed was pointing me in the right direction: postfix.transportnets contains the IP Addresses in question and those are configured as smart relay in the transport section.
This is somehow what the code sniplet is saying, however I do not understand the purpose as these are only smarthosts, not sending Mailservers which are meant to be trusted.

Thank you and best regards,
juergen