2011/11/15 Stan Hoeppner <s...@hardwarefreak.com>: > On 11/15/2011 5:44 AM, Olivier BATARD wrote: >> Thanks for the answer, when I run a grep -e "connect from" on the >> syslog I got this : >> >> Nov 15 12:32:47 VOLTALIAMSG postfix/smtpd[31110]: disconnect from >> unknown[192.168.150.254] >> Nov 15 12:32:49 VOLTALIAMSG postfix/smtpd[31102]: connect from >> unknown[192.168.150.254] >> Nov 15 12:32:53 VOLTALIAMSG postfix/smtpd[31129]: disconnect from >> unknown[192.168.150.254] >> Nov 15 12:32:56 VOLTALIAMSG postfix/smtpd[31110]: connect from >> unknown[192.168.150.254] > > No modern NAT/PAT router should ever replace the source address. If a > firmware upgrade doesn't fix this problem, chuck that router as quick as > you can and get a new one. > >> the 192.168.150.254 is my router. Seems that postfix consider it like >> a internal host. > > Of course Postfix does. Because it *is* an "internal" host: > > mynetworks = 192.168.150.0/24 ... > >> Anyway we have a router which uses NAT to forward smtp data to our >> server. How can we configure postfix and router to send mail only from >> my domain and not sending and accepting spam ? > > If you do not have users submitting mail for relay from the public > internet (i.e. roaming laptop users "outside" the router), simply > rejecting smtp connections from the router's private IP address will > solve the problem. Edit main.cf with the modification below and do a > "postfix reload": > > mynetworks = !192.168.150.254 192.168.150.0/24 > > The "!" excludes the address.
Thanks that solve my problem > > If you do not actually have a working IPv6 network, remove the IPv6 junk > from mynetworks. If you don't have webmail running on the Postfix box, > nor programs that need to inject mail into Postfix, remove the loopback > address from mynetworks as well. Thanks for the advice. > > P.S. I'm shocked you still have a NAT/PAT router in 2011 that rewrites > source addresses. Treat that thing like hot plutonium--replace it ASAP. > Yeah I was quite shocked too, so we'll replace soon as soon as the client sign the bill :) Anyway thanks a lot. Olivier > -- > Stan > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/4ec25b77.1080...@hardwarefreak.com > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CALvL=TOdqt9r9Y0gq3SUKWnnGof2sduhLc=rc_mipkac--p...@mail.gmail.com
