By default, Postfix will forward mail from clients in authorized
network blocks to any destination. Authorized networks are defined
with the
mynetworks configuration parameter. The default is to
authorize all clients in the IP subnetworks that the local machine
is attached to.
IMPORTANT: If your machine is connected to a wide area network
then your default
mynetworks setting may be too friendly.
Examples (specify only one of the following):
/etc/postfix/main.cf:
mynetworks_style = subnet (default: authorize subnetworks)
mynetworks_style = host (safe: authorize local machine only)
mynetworks = 127.0.0.0/8 (safe: authorize local machine only)
mynetworks = 127.0.0.0/8 168.100.189.2/32 (authorize local machine)
You can specify the trusted networks in the main.cf file, or
you can let Postfix do the work for you. The default is to let
Postfix do the work. The result depends on the
mynetworks_style
parameter value.
-
Specify "
mynetworks_style = host" when Postfix should
forward mail from only the local machine.
-
Specify "
mynetworks_style = subnet" (the default) when
Postfix should forward mail from SMTP clients in the same IP
subnetworks as the local machine. On Linux, this works correctly
only with interfaces specified with the "ifconfig" command.
-
Specify "
mynetworks_style = class" when Postfix should
forward mail from SMTP clients in the same IP class A/B/C networks
as the local machine. Don't do this with a dialup site - it would
cause Postfix to "trust" your entire provider's network. Instead,
specify an explicit
mynetworks list by hand, as described below.
Alternatively, you can specify the
mynetworks list by hand,
in which case Postfix ignores the
mynetworks_style setting.
To specify the list of trusted networks by hand, specify network
blocks in CIDR (network/mask) notation, for example:
/etc/postfix/main.cf:
mynetworks = 168.100.189.0/28, 127.0.0.0/8
You can also specify the absolute pathname of a pattern file instead
of listing the patterns in the main.cf file.
