Re: "mynetworks=" but im performing nat...
From: Ean Kingston (ean hedron.org)
Date: Tue Jun 14 2005 - 17:32:21 CDT
On June 14, 2005 05:25 pm, T Leconte wrote:
> I'm running my postfix server with private IP (10.100.100.0/24) behind a
> firewall (fortigate 800). My local users are on another interface using
> 10.0.0.0/16.
> External users are accessing via the internet to my public IP.
> The firewall is NATing from the local LAN and internet to the server LAN, so in
> all my logs my source connections are from the IP of my firewall,
> 10.100.100.1.
That sounds like a proxy server, not a NAT server. My mail server also sits
behind a NAT firewall and I see the real connecting address, not the firewall
address in my logs.
> At this time, for SMTP, if the client user does not
> authenticate (using sasl, tls/ssl) it gets a "relay access denied" (which is
> what I want... of course). Testing some ISP servers, if the client user does
> not authenticate, it gets a "530 5.7.0 No AUTH command has been given" error
> msg.
>
> The question is, is it better (for the server load) to force users to
> auth instead of a relay access denied? If yes, how do I configure postfix to
> force the auth?
I prefer to force auth for security reasons but this is really a matter of
opinion.
To force auth remove the permit_mynetworks from your restrictions.
Note: this may require you to reconfigure your webmail server and possibly a
few other daemons to permit mail delivery through your smtp server.
--
Ean Kingston
E-Mail: ean AT hedron DOT org
URL: http://www.hedron.org/
I am currently looking for work. If you need competent system/network
administration please feel free to contact me directly.
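
Added example, not part of the original message: a Python check for the setup described in this thread, where every client reaches Postfix from the firewall's address 10.100.100.1, showing that `permit_mynetworks` lets all of them relay without AUTH once that address falls inside `mynetworks`. The `main.cf` fragments and the function names are constructed for illustration; the Postfix parameter names are real.

```python
import ipaddress
import re

# Constructed main.cf fragments (not from the thread). Addresses match the post:
# server LAN 10.100.100.0/24, firewall's translated source 10.100.100.1.
BEFORE = """\
mynetworks = 127.0.0.0/8, 10.100.100.0/24
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""
AFTER = BEFORE.replace("    permit_mynetworks,\n", "")


def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue the previous one."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            key = key.strip()
            params[key] = value.strip()
    return params


def nat_relay_findings(text, nat_source):
    """List smtpd_*_restrictions that let the NAT/proxy source address skip authentication."""
    params = parse_main_cf(text)
    addr = ipaddress.ip_address(nat_source)
    nets = [n for n in re.split(r"[,\s]+", params.get("mynetworks", "")) if n]
    # Only plain address/CIDR entries are handled; table lookups and "!" exclusions are skipped.
    trusted = any(addr in ipaddress.ip_network(n, strict=False)
                  for n in nets if re.fullmatch(r"[0-9a-fA-F.:]+(/\d+)?", n))
    if not trusted:
        return []
    return sorted(k for k, v in params.items()
                  if re.fullmatch(r"smtpd_\w+_restrictions", k)
                  and "permit_mynetworks" in re.split(r"[,\s]+", v))


if __name__ == "__main__":
    for name, cf in (("before", BEFORE), ("after", AFTER)):
        print(name, nat_relay_findings(cf, "10.100.100.1"))
```

The check does not model the case where `mynetworks` is unset and Postfix derives it from `mynetworks_style`; run it against the effective values if that applies.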