info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
smtpd: No direct delivery from dynamic IPs!
32 views
Skip to first unread message
Dusan Ljubanic
Jul 23, 2022, 9:03:55 AM7/23/22
to
Hi,
I want to allow smtp connection requests from dynamic IPs. I have no rules in my smtpd_client_restrictions rejecting dynamic IP addresses.
Where does postfix perform this check?
Sample of the log:
<cable-188-2-56-36.dynamic.sbb.rs[188.2.56.36]>: Client
host rejected: No direct delivery from dynamic IPs! Use your ISP's SMTP relay.
Thanks
I want to allow smtp connection requests from dynamic IPs. I have no rules in my smtpd_client_restrictions rejecting dynamic IP addresses.
Where does postfix perform this check?
Sample of the log:
<cable-188-2-56-36.dynamic.sbb.rs[188.2.56.36]>: Client
host rejected: No direct delivery from dynamic IPs! Use your ISP's SMTP relay.
Thanks
Luke Briner
Aug 8, 2022, 12:14:55 PM8/8/22
to
Do you mean smtp or smtpd? If you intend to relay email from trusted servers via your mail server, you should be setting up the submission service to accept these. You can lock them down with IP or network restrictions or you could install something like dovecot to give you TLS on port 587.
The SMTP side of things should only be called from other mail agents and there are few good scenarios where a proper mail server has a dynamic IP, just lots of bad scenarios!
The SMTP side of things should only be called from other mail agents and there are few good scenarios where a proper mail server has a dynamic IP, just lots of bad scenarios!
Dusan Ljubanic
Aug 11, 2022, 3:55:57 PM8/11/22
to
On Monday, August 8, 2022 at 6:14:55 PM UTC+2, Luke Briner wrote:
> Do you mean smtp or smtpd? If you intend to relay email from trusted servers via your mail server, you should be setting up the submission service to accept these. You can lock them down with IP or network restrictions or you could install something like dovecot to give you TLS on port 587.
>
> The SMTP side of things should only be called from other mail agents and there are few good scenarios where a proper mail server has a dynamic IP, just lots of bad scenarios!
It is:
> Do you mean smtp or smtpd? If you intend to relay email from trusted servers via your mail server, you should be setting up the submission service to accept these. You can lock them down with IP or network restrictions or you could install something like dovecot to give you TLS on port 587.
>
> The SMTP side of things should only be called from other mail agents and there are few good scenarios where a proper mail server has a dynamic IP, just lots of bad scenarios!
smtp-node4 postfix/smtpd[1037]: NOQUEUE: reject: CONNECT from cable-x-x-x-x.dynamic.domain.com[x.x.x.x]: 554 5.7.1 <cable-x-x-x-x.dynamic.domain.com[x.x.x.x]>: Client host rejected: No direct delivery from dynamic IPs! Use your ISP's SMTP relay.; proto=SMTP
whereas clients with static IP are accepted:
smtp-node4 postfix/cleanup[5899]: F336CE0003: info: header Subject: FW: kartica from x.x.x.x.static.domain.com
As if somehow decision is being made with regards to PTR record
I want to allow relaying coming from dynamic IP addresses, I have permit_sasl_authenticated to control connections not coming from mu networks
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_client_access
ldap:/etc/postfix/map_clients.ldap,
check_client_access
ldap:/etc/postfix/map_relayed.ldap
0 new messages