On Monday, August 8, 2022 at 6:14:55 PM UTC+2, Luke Briner wrote:
> Do you mean smtp or smtpd? If you intend to relay email from trusted servers via your mail server, you should be setting up the submission service to accept these. You can lock them down with IP or network restrictions or you could install something like dovecot to give you TLS on port 587.
>
> The SMTP side of things should only be called from other mail agents and there are few good scenarios where a proper mail server has a dynamic IP, just lots of bad scenarios!
It is:
smtp-node4 postfix/smtpd[1037]: NOQUEUE: reject: CONNECT from cable-x-x-x-x.dynamic.domain.com[x.x.x.x]: 554 5.7.1 <cable-x-x-x-x.dynamic.domain.com[x.x.x.x]>: Client host rejected: No direct delivery from dynamic IPs! Use your ISP's SMTP relay.; proto=SMTP
whereas clients with static IP are accepted:
smtp-node4 postfix/cleanup[5899]: F336CE0003: info: header Subject: FW: kartica from x.x.x.x.static.domain.com
As if somehow the decision is being made with regard to the PTR record.
I want to allow relaying coming from dynamic IP addresses; I have permit_sasl_authenticated to control connections not coming from my networks:
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access ldap:/etc/postfix/map_clients.ldap,
    check_client_access ldap:/etc/postfix/map_relayed.ldap
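
To see at which SMTP stage each rejection in logs like these was issued, the smtpd reject lines can be parsed as below; this is an added example, not part of the original message. The sample lines are constructed from the excerpts above (the RCPT line is invented for contrast), and marking CONNECT, HELO and EHLO as stages that precede SMTP AUTH is an assumption based on the order of the SMTP dialogue.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log excerpts in the message above
# (addresses stay masked as x.x.x.x; the RCPT line is invented for contrast).
SAMPLE_LOG = """\
smtp-node4 postfix/smtpd[1037]: NOQUEUE: reject: CONNECT from cable-x-x-x-x.dynamic.domain.com[x.x.x.x]: 554 5.7.1 <cable-x-x-x-x.dynamic.domain.com[x.x.x.x]>: Client host rejected: No direct delivery from dynamic IPs! Use your ISP's SMTP relay.; proto=SMTP
smtp-node4 postfix/smtpd[1040]: NOQUEUE: reject: RCPT from unknown[x.x.x.x]: 554 5.7.1 <user@example.org>: Relay access denied; from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<host.example.com>
smtp-node4 postfix/cleanup[5899]: F336CE0003: info: header Subject: FW: kartica from x.x.x.x.static.domain.com
"""

# Layout of a Postfix smtpd reject record: stage, client name[address],
# reply code, enhanced status code, <subject of the check>, reason text.
REJECT_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: NOQUEUE: reject: (?P<stage>[A-Z-]+) from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<(?P<subject>[^>]*)>: (?P<reason>.*?);"
)

# Assumption: AUTH is issued after EHLO and before MAIL FROM, so a rejection
# at one of these stages happened before the client could have authenticated.
PRE_AUTH_STAGES = {"CONNECT", "HELO", "EHLO"}


def parse_rejects(text):
    """Return one dict per smtpd reject line; other log lines are skipped."""
    records = []
    for line in text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["pre_auth"] = rec["stage"] in PRE_AUTH_STAGES
            records.append(rec)
    return records


def summarize(records):
    """Count rejections per (stage, pre_auth) pair."""
    return Counter((r["stage"], r["pre_auth"]) for r in records)


if __name__ == "__main__":
    for r in parse_rejects(SAMPLE_LOG):
        when = "before AUTH was possible" if r["pre_auth"] else "after AUTH was possible"
        print(f'{r["stage"]:8} {r["host"]}[{r["ip"]}] {r["code"]} {r["dsn"]} {r["reason"]} ({when})')
```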