info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
relaying messages from docker network
20 views
Skip to first unread message
Ondřej Žára
Feb 20, 2023, 10:46:17 AM2/20/23
to
Hi,
I am looking for tips about handling outgoing smtp traffic in a dockerized scenario. My setup has three containers in a bridge network:
- reverse proxy (to route incoming traffic): 172.19.0.1
- postfix: 172.19.0.2
- webapp (needs to send e-mails): 172.19.0.3
The goal here is to allow the webapp to send e-mails without any particular checks. On a single machine, this would be done via
mynetworks = 127.0.0.1
smtpd_relay_restrictions = permit_mynetworks
...because the webapp would connect from 127.0.0.1. However, in a dockerized world, the webapp connects from 172.19.0.3 - and I cannot really mention this ip in $mynetworks, because docker is free to change the address on container restarts.
An alternative solution would be to set
mynetworks = 172.19/16
...but that would be incorrect as well, because all incoming traffic (from the internet) comes from the proxy, i.e. from 172.19.0.1 - and we do not want to relay that.
So what would be the best practice in this scenario?
Thanks,
Ondrej Zara
I am looking for tips about handling outgoing smtp traffic in a dockerized scenario. My setup has three containers in a bridge network:
- reverse proxy (to route incoming traffic): 172.19.0.1
- postfix: 172.19.0.2
- webapp (needs to send e-mails): 172.19.0.3
The goal here is to allow the webapp to send e-mails without any particular checks. On a single machine, this would be done via
mynetworks = 127.0.0.1
smtpd_relay_restrictions = permit_mynetworks
...because the webapp would connect from 127.0.0.1. However, in a dockerized world, the webapp connects from 172.19.0.3 - and I cannot really mention this ip in $mynetworks, because docker is free to change the address on container restarts.
An alternative solution would be to set
mynetworks = 172.19/16
...but that would be incorrect as well, because all incoming traffic (from the internet) comes from the proxy, i.e. from 172.19.0.1 - and we do not want to relay that.
So what would be the best practice in this scenario?
Thanks,
Ondrej Zara
0 new messages