From 15db9aba298fd19342c23ab7cfbd2397d5a0ea4b Mon Sep 17 00:00:00 2001 From: andryyy Date: Sat, 10 Apr 2021 11:22:36 +0200 Subject: [PATCH] Remove "Untrust RFC1918" --- docs/firststeps-trust_networks.md | 11 +++++++++++ mkdocs.yml | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 docs/firststeps-trust_networks.md diff --git a/docs/firststeps-trust_networks.md b/docs/firststeps-trust_networks.md new file mode 100644 index 000000000..e12dd9dfb --- /dev/null +++ b/docs/firststeps-trust_networks.md @@ -0,0 +1,11 @@ +Per default mailcow considers all networks as untrusted, except for its own IPV4_NETWORK and IPV6_NETWORK scope. Though it is reasonable in most cases, you may want to loosen this restriction under certain circumstances to allow connections from other networks. + +To change this behaviour override the default value of `mynetworks` parameter through the `data/conf/postfix/extra.cf` configuration file. + +**Important**: Do **not** remove the networks listed as `IPV4_NETWORK` and `IPV6_NETWORK` in your mailcow.conf. You should also keep local addresses. To add `1.2.3.4/32` it may look like the configuration below: + +``` +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 1.2.3.4/32 +``` + +Per default we use "mynetworks_style = subnet" to only include local networks we are part of. diff --git a/mkdocs.yml b/mkdocs.yml index 47035ce7d..6da9afd31 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -39,7 +39,7 @@ nav: - 'Rspamd UI': 'firststeps-rspamd_ui.md' - 'SNAT': 'firststeps-snat.md' - 'Sync job migration': 'firststeps-sync_jobs_migration.md' - - 'Untrust RFC 1918': 'firststeps-rfc-1918.md' + - 'Add trsteded networks': 'firststeps-trust_networks.md' - 'Models': - 'ACL': 'model-acl.md' - 'Password hashing': 'model-passwd.md' @@ -146,4 +146,4 @@ plugins: - search - redirects: redirect_maps: - 'u_e-mailpiler-integration.md': 'third_party-mailpiler_integration.md' \ No newline at end of file + 'u_e-mailpiler-integration.md': 'third_party-mailpiler_integration.md'