Re: postfix mynetworks question

Wed, 01 Apr 2020 09:22:26 -0700 

On 4/1/2020 10:48 AM, Wietse Venema wrote:

Wietse Venema:

Charles Amstutz:

Hi everyone,

I'm seeing that you can move the trusted networks (mynetworks) in
main.cf  from a single line to a file.   My question is this: in
the file format,  is it one IP per Line or do you still put It on
one line seprating out by commas?  Also, is it safe to put comments
in that file? I'd like to document which IP is what.


As documented it depends on the kind of file.


I know these are basic questions, but looking for answers.


Quoting from http://www.postfix.org/postconf.5.html#mynetworks

In main.cf:

     Specify a list of network addresses or network/netmask patterns,
     separated by commas and/or whitespace. Continue long lines by
     starting the next line with whitespace.

     The netmask specifies the number of bits in the network part
     of a host address.

     You can also specify "/file/name" or "type:table" patterns.

In a "/file/name"

     A "/file/name" pattern is replaced by its contents. So the
     contents have the same format as main.cf.

     In the examples section, this is shown as
     "mynetworks = $config_directory/mynetworks"

In a  "type:table"

     A "type:table" lookup table is matched when a table entry matches
     a lookup string (the lookup result is ignored).

     In the examples section, this is shown as
     "mynetworks = hash:/etc/postfix/network_table".

The description assumes that you know how to use hash: and other
Postfix lookup tables.


You can have #comment at the start of a line in hash:/etc/postfix/network_table 
(http://www.postfix.org/postmap.1.html).

You can have #comment at the start of a line in main.cf
(http://www.postfix.org/postconf.5.html)

You can't have comments in "/file/name"
(because http://www.postfix.org/postconf.5.html does not say you can have
comments here).

You can't have comments anywhere else.
(because http://www.postfix.org/postmap.1.html and 
http://www.postfix.org/postconf.5.html don't say that you can have comments 
there).

        Wietse
I suppose you could use a hash: or cidr: type table, and use the comment for the (ignored) result.
Normally type:table maps don't support inline comments, but in this special case the result is ignored (the presence of any result is what postfix looks for), so it should work fine. 



  -- Noel Jones

Reply via email to