From: Josh Cason on
I decided to implement some new security and remove pop-before-smtp.
But I have some dialup users and some of them use email. The company
I'm going through is global pops. I would like to add their IP range to
postfix as allowed users. I looked at /etc/postfix/access list example
192.168.0.1 OK but this is per user. Not a range and of course I do not
want to add this to the mynetwork file. So unless I missed it. Is
there a place to specify a range?

Thanks,

Josh



From: Jeroen Geilman on
On 06/03/2010 08:51 PM, Josh Cason wrote:
> I decided to implement some new security and remove pop-before-smtp.
> But I have some dialup users and some of them use email. The company
> I'm going through is global pops. I would like to add their IP range to
> postfix as allowed users. I looked at /etc/postfix/access list example
> 192.168.0.1 OK but this is per user. Not a range and of course I do not
> want to add this to the mynetwork file. So unless I missed it. Is
> there a place to specify a range?
>
> Thanks,
>
> Josh
>
>
External users ("road warriors") should use submission in combination
with SASL/TLS.

Adding ranges of IPs that are not under your control to mynetworks opens
you up to any abuse those IPs might unleash.

J.

From: Matt Hayes on
On 6/3/2010 2:51 PM, Josh Cason wrote:
> I decided to implement some new security and remove pop-before-smtp. But
> I have some dialup users and some of them use email. The company I'm
> going through is global pops. I would like to add their IP range to
> postfix as allowed users. I looked at /etc/postfix/access list example
> 192.168.0.1 OK but this is per user. Not a range and of course I do not
> want to add this to the mynetwork file. So unless I missed it. Is there
> a place to specify a range?
>
> Thanks,
>
> Josh
>
>

Josh,

You'd be better off reading up on smtp auth and using the submission
port than trying to add ranges of dialup users to postfix.

This would 1) force users to authenticate to relay email and 2) you
wouldn't have to track ip ranges if they changed.

-Matt
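
Added example, not part of the thread or of any poster's configuration: a Postfix setup along the lines both replies recommend, with the range-based trust shown commented out beside an authenticated submission service. The IP range, certificate paths and the Dovecot SASL backend are assumptions chosen for illustration.

```conf
# --- /etc/postfix/main.cf ---
# Weak: trusting a provider's dial-up pool (constructed example range) lets
# every host on that range relay mail without authenticating.
#mynetworks = 127.0.0.0/8, 203.0.113.0/24
# Corrected: trust only the local host; remote users authenticate instead.
mynetworks = 127.0.0.0/8
# Refuse AUTH on unencrypted sessions so passwords never cross in clear text.
smtpd_tls_auth_only = yes
# Placeholder certificate and key paths.
smtpd_tls_cert_file = /etc/postfix/tls/mail.example.com.pem
smtpd_tls_key_file = /etc/postfix/tls/mail.example.com.key
# Assumption: Dovecot provides the SASL backend on this socket.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# --- /etc/postfix/master.cf ---
# Submission service on port 587: STARTTLS is mandatory, AUTH is enabled,
# and a client that has not authenticated is rejected.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

Run `postfix check` and reload Postfix after editing; mail clients then connect to port 587 with STARTTLS and their account credentials, whatever IP address the dial-up provider hands them.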