On Fri, Oct 18, 2013 at 1:35 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > On Fri, Oct 18, 2013 at 06:19:14PM +0200, Benny Pedersen wrote: > >> Viktor Dukhovni skrev den 2013-10-18 16:44: >> >> >No, that also turns off SMTP for "LAN" clients. >> >> not if adding one more pr lan ip >> >> 192.168.0.1:smtp inet n - n - 60 smtpd > > This presumes a machine on a network with site-local addresses. > The OP's machine is presumably single-attached to a network with > public addresses and no external firewall.
I could run two smtp services, one on a public facing IP, and the other not. However we have users who use these little portable devices, and leave our humble network and expect smtp.example.com to continue to work for email they are sending from example.com. And it does, over secure smtp. Many of the users have type A personalities together with a thing called tenure, so it is unthinkable to "train" them to switch their smtp configuration every time they leave our humble network. > We should close this thread, the OP is long gone or in any case > has the answer in hand: Long gone? The thread is 4 hours old. Is every problem resolved in under 4 hours? What is the hurry? > - Firewall rules are out of scope for Postfix. True, and that is why I posted postconf -n, not iptables -L > - Postfix can listen on multiple IPs, ... which supports internal-only > SMTP services when the Postfix server is connected to multiple > networks, or uses secondary IP addresses on a single network > behind a firewall which permits external SMTP traffic only to > a subset of the machine's IP addresses (or address:port combinations). I was looking for possible weaknesses in the config, which people here love to find, or suggestions on tracing this better, which Noel has kindly provided. I'm set for now, to do some more checking on this, but please don't bury me in the deep dark ground.