mynetworks - should server IP be included ?
Benny Pedersen
me at junc.eu
Sun Sep 17 15:45:11 CEST 2023
Patrick Ben Koetter skrev den 2023-09-17 08:45:
> * Benny Pedersen <me at junc.eu>:
>> lists at sbt.net.au skrev den 2023-09-16 14:09:
>> > I;m just checking my amavis setup, under mynetworks I have:
>> >
>> > @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
>> > 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
>> >
>> > should I also include actual server IP ?
>
> If you use amavis to DKIM sign outbound messages amavis will consider
> any
> message originating if it was sent from an IP listed in @mynetworks.
> Also any
> IP listed in @mynetworks will be subject to amavis' default policy. If
> that's
> what you want for your server then include its IP.
can be adjusted in policy banks, dkim signing should be extended to now
in 2023 include dkim/arc policy forward arc signing ONLY not just,
double signing with dkim is not an option for forwarders, eq maillist
that insists on breaking dkim, and trying hide there innocent later with
even more breakness of take over ownerships of header:From
with a good perl coder this could be fixed very easely, nearly all
support for this is already is in Mail::DKIM :)
>> > in postfix main.cf I have several IPs (server backup server):
>> >
>> > mynetworks = 103.106.111.222 103.106.111.333 125.168.111.222 127.0.0.1
>>
>> simple:
>>
>> postconf -d | grep mynetworks
>
> Even simplier than that:
+1
> $ postconf -d mynetworks
> mynetworks = 127.0.0.0/8 192.168.179.0/24 192.168.122.0/24 [::1]/128
> [fd00:0:0:1::]/64 [fe80::]/64
only left is now this is for single server, if there is more then one
server eg backup-mx it needs to merge postconf from all servers
i wish cluebringer was in gentoo portage, that would make my amavisd
more perfect, with mailzu-ng
thanks for more correctness
More information about the amavis-users
mailing list