On 11/15/2011 5:44 AM, Olivier BATARD wrote: > Thanks for the answer, when I run a grep -e "connect from" on the > syslog I got this : > > Nov 15 12:32:47 VOLTALIAMSG postfix/smtpd[31110]: disconnect from > unknown[192.168.150.254] > Nov 15 12:32:49 VOLTALIAMSG postfix/smtpd[31102]: connect from > unknown[192.168.150.254] > Nov 15 12:32:53 VOLTALIAMSG postfix/smtpd[31129]: disconnect from > unknown[192.168.150.254] > Nov 15 12:32:56 VOLTALIAMSG postfix/smtpd[31110]: connect from > unknown[192.168.150.254]
No modern NAT/PAT router should ever replace the source address. If a firmware upgrade doesn't fix this problem, chuck that router as quick as you can and get a new one. > the 192.168.150.254 is my router. Seems that postfix consider it like > a internal host. Of course Postfix does. Because it *is* an "internal" host: mynetworks = 192.168.150.0/24 ... > Anyway we have a router which uses NAT to forward smtp data to our > server. How can we configure postfix and router to send mail only from > my domain and not sending and accepting spam ? If you do not have users submitting mail for relay from the public internet (i.e. roaming laptop users "outside" the router), simply rejecting smtp connections from the router's private IP address will solve the problem. Edit main.cf with the modification below and do a "postfix reload": mynetworks = !192.168.150.254 192.168.150.0/24 The "!" excludes the address. If you do not actually have a working IPv6 network, remove the IPv6 junk from mynetworks. If you don't have webmail running on the Postfix box, nor programs that need to inject mail into Postfix, remove the loopback address from mynetworks as well. P.S. I'm shocked you still have a NAT/PAT router in 2011 that rewrites source addresses. Treat that thing like hot plutonium--replace it ASAP. -- Stan -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
