Postfix relay, multi domain, security and basically everything


























I want to set up a relay server with a static ip on the web, which is supposed to accept mails for multiple domains and also send out mails for those domains. Unfortunately my experience with postfix is less than limited, so I have some generic questions on architecture.



Also, since I was unable to find a "state of the art, following current recommendations" guideline for setting up a mail server, I'm more than happy to add mechanisms or configuration details based on recommendations (BSI, NIST, M3AAWG etc.) and link them as a reference.



What I have in mind



The relay host(s) are going to be called (relay host list)




  • a.mx.my-company.com

  • b.mx.my-company.com


and they are each going to get an SSL certificate via Let's Encrypt, issued to their respective hostname, for STARTTLS on port 25.



In addition I have a list of domains, which the server should accept mails for (accepted domain list)




  • onedomain.com

  • onedomain.net

  • otherdomain.com


Another list of sender hosts exists, which connect to the relays to send out mail and get connected from the relays to receive mails (sender host list)




  • a.mail.intern.onedomain.com

  • b.mail.intern.onedomain.com

  • a.mail.intern.otherdomain.com

  • mail.holdingcompany.com


There are some users (hostname_sender + "_up") defined, which should get rights to send in the name of the domains (accepted domain relay users)




  • user: a.mail.intern.onedomain.com_up; grant: onedomain.com, onedomain.net

  • user: b.mail.intern.onedomain.com_up; grant: onedomain.com, onedomain.net

  • user: a.mail.intern.otherdomain.com_up; grant: otherdomain.com

  • user: mail.holdingcompany.com_up; grant: onedomain.com, onedomain.net, otherdomain.com


And for the other way around a list of users (hostname_sender + "_down") is defined, which enables the relay host(s) to connect back to the sender hosts (delivery user list)




  • user: a.mail.intern.onedomain.com_down

  • user: b.mail.intern.onedomain.com_down

  • user: a.mail.intern.otherdomain.com_down

  • user: mail.holdingcompany.com_down


Allowing connections on port 25



For extern servers



A normal mail server like yahoo or gmail may want to deliver messages via my relays. The server then should check the basic stuff, like static ip, not on blacklist and if the target domain is in my accepted domain list. This connection may or may not use STARTTLS.



I think about ignoring SPF, as this is not a reliable design. On the other hand I would like to utilize DKIM, to hard bounce any mails that come from a domain which has DKIM configured but the incoming mail doesn't match the signature. Furthermore I would guess it might be a good idea to send a copy of a failed mail to the postmaster, with the error description, just in case some user complains, he doesn't get a mail he's expecting.



For trusted/internal servers/users



A mail server inside some network may connect via port 25, fail any checks (being on a blacklist, having dynamic ip etc.) but must enable STARTTLS and then auth itself via accepted domain relay users. From that point on the connection can be used to send out mails in the name of any domain the user is allowed to. Only relay hosts are supposed to connect via this, not the end users themselves. This server is also not supposed to add any DKIM information, as it's just a publicly "trusted" mail server with a static ip and not on a blacklist.



Delivering mails to the responsible sender host from a relay host



Inside the configuration of my relay host I will find a list (domain forward list)




  • onedomain.com, onedomain.net -> a.mail.intern.onedomain.com, b.mail.intern.onedomain.com[, mail.holdingcompany.com]

  • otherdomain.com -> a.mail.intern.otherdomain.com[, mail.holdingcompany.com]


Request for comments



I'm trying to establish a good and state of the art standard for myself in setting up email servers. I thought of this architecture to give me the most flexibility and the ability to provide mailservers on dynamic IPs. This could potentially reach all the way up to the point that the "on site postfix" available through the firewall of the site on a non-standard port will only accept TLS connections with permit_tls_clientcerts.



If an incoming mail for userA@onedomain.com is relayed, it should in my config take the route via any host from my domain forward list for that given domain. The servers themselves could be on two separate locations and only each connected via a 16/1MBit line, with different mailboxes on the according IMAP servers. Whilst this would work, due to the internal servers being able to directly exchange mails with each other, I would like to know if there is a way to go:

  • a.mail.intern.onedomain.com -> response: user exists, but I'm not in charge

  • b.mail.intern.onedomain.com -> response: thank you

Or:

  • a.mail.intern.onedomain.com -> response: user exists, but I'm not in charge

  • b.mail.intern.onedomain.com -> response: user exists, but I'm not in charge

  • mail.holdingcompany.com -> response: user exists, but I'm not in charge

  • Notify postmaster, valid address, but no one responsible

Or:

  • a.mail.intern.onedomain.com -> response: unknown user

Or:

  • a.mail.intern.onedomain.com -> response: user exists, but I'm not in charge

  • b.mail.intern.onedomain.com -> timeout

  • mail.holdingcompany.com -> response: user exists, but I'm not in charge

  • notify postmaster after some retries on b.mail.intern.onedomain.com


What I'm struggling with



Basically if it is possible to have a setup like this with postfix and how to test the proper functioning of forward, deny and auth mechanisms.



What I was searching for is something like in iptables, where I can have a ruleset something like this




  • match "external non blacklisted server" -j external_trustworthy

  • match "internal authed with TLS" -j internal_authed

  • -j REJECT


And testing this behaviour, so I won't by accident enforce the blacklist policy to the internal_authed, or even worse, grant the external_trustworthy to send mails in the name of my accepted domains.

Besides that I really would wish for Let's Encrypt to issue domain based S/MIME certificates, which again would be able to issue and revoke client S/MIME certificates, for a hassle free mail encryption. That's another topic, but still, it requires a solid base, to be able to communicate with "high security" and "not so well" configured SMTP servers around the world.




























  • Voted to close as too broad. If you set up postfix and have specific problems, by all means ask questions about where you fall down, but I doubt people who can answer this question will be interested in wasting a whole morning doing so for free so you can make money off their effort.
    – davidgo
    Nov 22 at 18:47










  • so, is there any place in StackExchange to discuss system architecture?
    – engelant
    Nov 22 at 21:19










  • No. StackExchange is about Q&A.
    – davidgo
    Nov 22 at 22:31
















authentication smtp postfix
















asked Nov 22 at 18:08









engelant
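The three-rule chain the question sketches (external_trustworthy, internal_authed, REJECT) can be written down as a small decision model and checked against a case matrix, including the two mistakes the question wants to rule out. This is an added example, not code from the question and not Postfix itself: the `Session` fields, the verdict strings and the example.org addresses are assumptions made for illustration, and the `@domain login, ...` lines follow the lookup format of Postfix's `smtpd_sender_login_maps`.

```python
"""Decision model for the relay access policy described in the question."""
from dataclasses import dataclass
from typing import Optional

# Lists copied from the question.
ACCEPTED_DOMAINS = {"onedomain.com", "onedomain.net", "otherdomain.com"}
RELAY_USER_GRANTS = {
    "a.mail.intern.onedomain.com_up": {"onedomain.com", "onedomain.net"},
    "b.mail.intern.onedomain.com_up": {"onedomain.com", "onedomain.net"},
    "a.mail.intern.otherdomain.com_up": {"otherdomain.com"},
    "mail.holdingcompany.com_up": {"onedomain.com", "onedomain.net", "otherdomain.com"},
}


@dataclass(frozen=True)
class Session:
    """One SMTP transaction as the relay sees it (hypothetical field names)."""
    mail_from: str
    rcpt_to: str
    tls: bool = False
    sasl_user: Optional[str] = None   # set only after a successful AUTH
    blacklisted: bool = False
    dynamic_ip: bool = False


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def decide(s: Session) -> str:
    """First matching rule wins, in the order the question lists them."""
    sender, rcpt = domain_of(s.mail_from), domain_of(s.rcpt_to)
    # Rule 1: inbound mail from the outside world for an accepted domain.
    # A sender claiming one of our own domains never qualifies here.
    if (not s.blacklisted and not s.dynamic_ip
            and rcpt in ACCEPTED_DOMAINS and sender not in ACCEPTED_DOMAINS):
        return "external_trustworthy"
    # Rule 2: authenticated over TLS, and the sender domain is granted to that
    # login. Blacklist and dynamic-IP status are deliberately not consulted.
    if s.tls and sender in RELAY_USER_GRANTS.get(s.sasl_user, ()):
        return "internal_authed"
    return "REJECT"


def sender_login_map_lines() -> list:
    """Invert the grant list into '@domain login, login' lines."""
    owners = {}
    for login, domains in RELAY_USER_GRANTS.items():
        for domain in domains:
            owners.setdefault(domain, []).append(login)
    return [f"@{d} {', '.join(sorted(owners[d]))}" for d in sorted(owners)]


# Constructed test matrix: (description, session, expected verdict).
UP_A = "a.mail.intern.onedomain.com_up"
UP_OTHER = "a.mail.intern.otherdomain.com_up"
CASES = [
    ("clean external host, accepted recipient",
     Session("alice@example.org", "userA@onedomain.com"), "external_trustworthy"),
    ("blacklisted external host",
     Session("alice@example.org", "userA@onedomain.com", blacklisted=True), "REJECT"),
    ("external host relaying to a foreign domain",
     Session("alice@example.org", "bob@example.net"), "REJECT"),
    ("external host sending in the name of an accepted domain",
     Session("ceo@onedomain.com", "userA@onedomain.com"), "REJECT"),
    ("authed internal host on a blacklist with a dynamic IP",
     Session("userA@onedomain.net", "bob@example.net", tls=True, sasl_user=UP_A,
             blacklisted=True, dynamic_ip=True), "internal_authed"),
    ("authed internal host using a domain it was not granted",
     Session("userA@onedomain.com", "bob@example.net", tls=True,
             sasl_user=UP_OTHER), "REJECT"),
    ("AUTH attempted without STARTTLS",
     Session("userA@onedomain.com", "bob@example.net", sasl_user=UP_A), "REJECT"),
]


def failed_cases() -> list:
    """Return descriptions of every case whose verdict differs from the matrix."""
    return [desc for desc, session, want in CASES if decide(session) != want]


if __name__ == "__main__":
    print("\n".join(sender_login_map_lines()))
    print("failed cases:", failed_cases() or "none")
```

The same matrix can be replayed against a real relay by opening one SMTP session per case and comparing the server's accept or reject reply with the expected verdict.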
