SMTP/25 and trusted networks


Jelle Langbroek

Feb 21, 2015, 11:01:02 AM
to neths...@googlegroups.com
Hi,

I use Nethserver as a mailserver only. There are some users with Inboxes on it, but I want to use Nethserver as an SMTP server for my DMZ servers too. Now, I've configured a trusted network that's my DMZ: 192.168.0.0/255.255.255.0
Then, as stated in http://docs.nethserver.org/en/latest/mail.html#special-smtp-access-policies , I ran:
# config setprop postfix AccessPolicies trustednetworks
# signal-event nethserver-mail-common-save

After this I'm able to use ANY client from private ranges to use Nethserver on port 25 without authentication! So, any client on LAN / VLANs and DMZ can now use Nethserver that way. I think I'm configuring something wrong or forgetting something, but I can't figure it out with the documentation only.

Can anyone explain the 'trusted networks' section in more detail to me? What should I do to allow access for only some specific hosts (or specific network) to port 25 without authentication?

Thanks!

Best,
Jelle


Davide Principi

Feb 21, 2015, 4:40:13 PM
to neths...@googlegroups.com

On 21 Feb 2015 17:01, Jelle Langbroek <je...@ouderkz.nl> wrote:
>
> Can anyone explain the 'trusted networks' section in more detail to me?

Hosts in trusted networks can connect to "private" services as green (LAN) networks.

See also
http://docs.nethserver.org/en/latest/base_system.html#network-services-section

I would not make DMZ completely "trusted"!


> What should I do to allow access for only some specific hosts (or specific network) to port 25 without authentication?
>


The pointed-out manual section also states:

"However, there are some devices (printers, scanners, ...) that do not support SMTP authentication, encryption or port settings. They can be enabled to send messages by looking at their IP address in Postfix access table..."

You're on the right track!
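
The difference between the two approaches discussed in this thread, as an added example that is not part of the original posts or NethServer's own code: a simplified Python model of which clients may use port 25 without authentication when a whole network is trusted versus when individual hosts are listed in a Postfix access table. The host addresses and table entries are constructed, the function names are hypothetical, and the lookup follows the IPv4 matching order for indexed tables documented in Postfix access(5).

```python
import ipaddress

# The DMZ range is the one from the thread; the host addresses and
# table entries below are constructed for illustration.
TRUSTED_NETWORKS = ["192.168.0.0/24"]
ACCESS_TABLE = """\
# pattern        action
192.168.0.10     OK
192.168.0.11     OK
"""

def parse_access_table(text):
    """Parse 'pattern action' lines; lines starting with '#' are comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        table[pattern] = action.strip()
    return table

def access_lookup(table, client_ip):
    """Try the full address first, then a.b.c, a.b and a (access(5) order)."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    for n in range(4, 0, -1):
        action = table.get(".".join(octets[:n]))
        if action is not None:
            return action
    return None

def in_trusted_networks(networks, client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in networks)

def relay_without_auth(client_ip, policy, table=None):
    """policy: 'trustednetworks' (whole ranges) or 'accesstable' (listed hosts)."""
    if policy == "trustednetworks":
        return in_trusted_networks(TRUSTED_NETWORKS, client_ip)
    table = parse_access_table(ACCESS_TABLE) if table is None else table
    return (access_lookup(table, client_ip) or "").upper() == "OK"

def audit(clients, policy):
    return {c: relay_without_auth(c, policy) for c in clients}

if __name__ == "__main__":
    clients = ["192.168.0.10", "192.168.0.11", "192.168.0.57", "10.0.5.20"]
    for policy in ("trustednetworks", "accesstable"):
        print(policy, audit(clients, policy))
```

Note that in an indexed access table a shortened pattern such as `192.168.0` matches every host in that range, so per-host entries need the full address.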