|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Testing smtpd_client_restrictions - Was: Tcpwrappers and postfix - restricting inbound connections
From: Karl O. Pinc (kpinc
artic.edu)Date: Tue Jan 02 2001 - 14:52:55 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've got:
smtpd_client_restrictions = permit_mynetworks, reject
And I've tried it with:
mynetworks = $myhostname, 127.0.0.0/8
mynetworks = $myhostname/32,127.0.0.0/8
and
mynetworks = nnn.nnn.nnn.nnn/32, 127.0.0.0/8
(where nnn.nnn.nnn.nnn is the ip of the machine running postfix)
And I can still connect to port 25 and do a HELO from another machine.
What am I doing wrong?
>We've been using inetd and tcpwrappers on our workstations to restrict
>inbound smtp connections so that only localhost and the local ip interface
>can establish a connection. (Inetd runs tcpd with "sendmail -bs".) After
>upgrading from postfix snapshot 20000531 to 20001217 the "master" deamon
>won't start because port 25 is taken. So, I commented out the "smtp inet"
>line in master.cf so that smtpd isn't run.
>
>Everything seems peachy now, but this whole idea is leftover from runnig
>sendmail. It seems to me that it would be better to abandon inetd, run
>smtpd and configure:
>
>mynetworks = $myhostname, 127.0.0.0/8
>smtpd_client_restrictions = permit_mynetworks, reject
>
>Comments? Can I use $myhostname like this or will I need "$myhostname/32"
>or will I have to use the ip?
>
>TIA
>
>Karl
>
>May the Legos (TM) always be swept from your path in the night.
Karl
May the Legos (TM) always be swept from your path in the night.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]