From: Victor Duchovni (Victor.DuchovniMorganStanley.com)
Date: Tue Aug 03 2004 - 07:01:27 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 03, 2004 at 02:24:48PM +1000, Rob Chanter wrote:

> On Mon, Aug 02, 2004 at 11:07:11PM -0500, Chris wrote:
>
> > Ok - lemme rephase. Along with a legit IP in the above example, is it
> > required to have 127.0.0.1/8? If yes, what happens if it not there.
> > If no - are there ramifications.
>
> Should be 127.0.0.0/8 or 127.0.0.1/32.

Yes, good catch!

> > Perhaps I didn't articulate (being late and working long hours).
>
> Not required AFAIK, but it won't prevent mail being submitted locally
> unless you also secure the sendmail binary and anything else that might
> invoke postdrop or otherwise put things in the maildrop queue.

Local mail submission is not via SMTP, so mynetworks does not apply.
There is no requirement to list 127.0.0.1 in mynetworks unless there
are applications that need relay rights and talk SMTP to 127.0.0.1
on port 25 (re-injection from content_filters is usually handled with
explicit restrictions in master.cf or a second Postfix instance also
with separate restrictions).

> Even then, someone logged in locally can still connect to the
> non-loopback address. Apart from multi-instance setups, I can't think of
> any reason you'd want to omit localhost from inet_interfaces.
>

Yes, there is not much to be gained by leaving it out, note the OP is
talking about mynetworks (relay access) not inet_interfaces (where the
server listens).

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomopostfix.org?body=unsubscribe%20postfix-users>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]