Skip to content

Add trusted networks

By default mailcow considers all networks as untrusted excluding its own IPV4_NETWORK and IPV6_NETWORK scopes. Though it is reasonable in most cases, there may be circumstances that you need to loosen this restriction.

By default mailcow uses mynetworks_style = subnet to determine internal subnets and leaves mynetworks unconfigured.

If you decide to set mynetworks, Postfix ignores the mynetworks_style setting. This means you have to add the IPV4_NETWORK and IPV6_NETWORK scopes as well as loopback subnets manually!

Unauthenticated relaying

Warning

Incorrect setup of mynetworks will allow your server to be used as an open relay. If abused, this will affect your ability to send emails and can take some time to be resolved.

IPv4 hosts/subnets

To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

Edit data/conf/postfix/extra.cf:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24

Run docker-compose restart postfix-mailcow to apply your new settings.

IPv6 hosts/subnets

Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended.

To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

Edit data/conf/postfix/extra.cf:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32

Run docker-compose restart postfix-mailcow to apply your new settings.

Info

More information about mynetworks can be found in the Postfix documentation.


Last update: 2022-02-02 10:57:04
Back to top