frist: do NOT reply off-list! Am 22.11.2012 15:56, schrieb Patric Falinder: > Reindl Harald skrev 2012-11-22 15:20: >> >> Am 22.11.2012 15:06, schrieb Patric Falinder: >>> Right now I have added their IP to 'mynetworks' and it's working fine for >>> now, >>> but it's not reliable as they have a dynamic IP like I said >> so make a different open-relay port is the same problem > How so? > If I have an open relay I don't have to specify the IP in > 'mynetworks' and don't have to care to change it if their > IP is updated as I will fix this on the firewall
so how the hell does it make a difference? you have to configure SOMETHING in any case the idea of a open-relay for dyn-addresses is crap >> yes, they have to setup a postfix relay on their >> internal network - any other solution in context >> of dynamic IP's is pure crap and dangerous >> >> relayhost = [your-smtp-server]:587 >> smtp_sasl_auth_enable = yes >> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd >> >> cat /etc/postfix/sasl_passwd >> # CHANGES: postmap /etc/postfix/sasl_passwd >> [your-smtp-server]:587 username:password >> > Setting up a server just for that is not an option. so kiss the customer goodbye as long he can not provide a solution with a relay or force to use software which is designed to work over WAN > I know the complications of having an open relay but I really > don't see the problem if I specify at a firewall level which IP's > have access to it. with a static IP on the clients side i agree BUT with dynamic IP's this is only a bad joke > So technically it's not an open relay as there's only specified IP's that > has access to it in the end. And the reason I'm going to specify it > on the firewall is because I can specify at hostname-level who's having > access > to it from the outside, I can't do that in Postfix from where do you take the hostname? PTR? sorry but this is naive * i control the PTR for my IP's * i can setup whatever PTR i like for whatever of my IP's there is no clean solution force the customer to fix HIS side or kiss him goodbye!
signature.asc
Description: OpenPGP digital signature
