Add hint about trusted rfc1918, thanks to @Programmierus
Dieser Commit ist enthalten in:
Ursprung
cce96aea54
Commit
035ab8d219
2 geänderte Dateien mit 12 neuen und 0 gelöschten Zeilen
11
docs/firststeps-rfc-1918.md
Normale Datei
11
docs/firststeps-rfc-1918.md
Normale Datei
|
@ -0,0 +1,11 @@
|
||||||
|
Per default, mailcow considers all private RFC1918 networks (i.e. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) as trusted. Though it is reasonable in most cases, you may want to restrict this setting under certain circumstances. In particular, if you are using some kind of reverse proxy for SMTP TCP ports. If your reverse proxy host is located in a private net, mailcow will consider all traffic from it as trusted, which may result in an open relay.
|
||||||
|
|
||||||
|
To change this behaviour override the default value of `mynetworks` parameter through the `data/conf/postfix/extra.cf` configuration file.
|
||||||
|
|
||||||
|
**Important**: Do **not** remove the networks listed as `IPV4_NETWORK` and `IPV6_NETWORK` in your mailcow.conf. You should also keep local addresses.
|
||||||
|
|
||||||
|
The default values for those variables - `172.22.1.0/24` and `fd4d:6169:6c63:6f77::/64` - would result in the following, minimal configuration:
|
||||||
|
|
||||||
|
```
|
||||||
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64
|
||||||
|
```
|
|
@ -29,6 +29,7 @@ nav:
|
||||||
- 'Update': 'i_u_m_update.md'
|
- 'Update': 'i_u_m_update.md'
|
||||||
- 'Migration': 'i_u_m_migration.md'
|
- 'Migration': 'i_u_m_migration.md'
|
||||||
- 'First Steps (optional)':
|
- 'First Steps (optional)':
|
||||||
|
- 'Untrust RFC 1918': 'firststeps-rfc-1918.md'
|
||||||
- 'Advanced SSL': 'firststeps-ssl.md'
|
- 'Advanced SSL': 'firststeps-ssl.md'
|
||||||
- 'Rspamd UI': 'firststeps-rspamd_ui.md'
|
- 'Rspamd UI': 'firststeps-rspamd_ui.md'
|
||||||
- 'Reverse Proxy': 'firststeps-rp.md'
|
- 'Reverse Proxy': 'firststeps-rp.md'
|
||||||
|
|
Laden …
In neuem Issue referenzieren