Subject: Re: pppoe(4) man page in conjunction with Postfix leaves gaping
To: Wolfgang S. Rupprecht <>
From: Greg Troxel <>
List: tech-userlevel
Date: 10/02/2003 08:32:01
    From: (Wolfgang  S. Rupprecht)

    mynetworks =, [::1/128]

I basically agree, but this is perhaps a little tight; I would accept
the IP addresses (not networks) actually configured on interfaces.
But I suppose this only matters if people set their own IP address
instead of as a SMTP server.

Being a bit stronger than Wolfgang:

Postfix is *broken* to accept relaying from any address that does not
belong to the local machine.  The notion that the local net can
generally be trusted is simply untenable, and relaying for it - be it
a /30, a /24 or a /8 - should only be turned on by a conscious
decision to do so.

I have to fix this every time I configure Postfix; many of my machines
are on networks where I don't wish to trust the rest of the machines.

Whether or not the netmask for the pppoe device ought to be
changed/fixed is another story; netmasks are not particularly
semantically meaningful for PPP devices, and thus arguably /32 makes
sense.  But this is really quite separable from the Postfix issue.

        Greg Troxel <>
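
The difference between trusting an interface's whole subnet and trusting only the machine's own addresses, as an added example that is not part of the original message and is not Postfix code. It is a simplified model of the policies Postfix selects with `mynetworks_style = subnet` and `mynetworks_style = host`; the interface names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample interfaces (names and addresses are illustrative,
# not taken from the thread). pppoe0 carries a wide, meaningless netmask.
INTERFACES = {
    "lo0": "127.0.0.1/8",
    "fxp0": "192.168.1.10/24",
    "pppoe0": "10.20.30.40/8",
}


def trusted_networks(interfaces, style):
    """Networks a mail server would relay for under a trust style.

    "subnet": every address sharing a subnet with a local interface.
    "host":   only the addresses configured on the interfaces.
    Simplified model of the two policies, not Postfix's implementation.
    """
    nets = []
    for cidr in interfaces.values():
        iface = ipaddress.ip_interface(cidr)
        if style == "subnet":
            nets.append(iface.network)
        elif style == "host":
            nets.append(ipaddress.ip_network(str(iface.ip)))
        else:
            raise ValueError(f"unknown style: {style!r}")
    return nets


def may_relay(client, nets):
    """True if the client address falls inside any trusted network."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == n.version and addr in n for n in nets)


def trusted_count(nets):
    """Number of addresses allowed to relay (sample networks do not overlap)."""
    return sum(n.num_addresses for n in nets)


if __name__ == "__main__":
    for style in ("subnet", "host"):
        nets = trusted_networks(INTERFACES, style)
        print(style, [str(n) for n in nets], trusted_count(nets))
        for client in ("10.99.1.2", "192.168.1.77", "10.20.30.40"):
            print("  ", client, "relay allowed:", may_relay(client, nets))
```

With the /8 netmask on the PPP link, the subnet policy relays for more than 33 million addresses, while the host policy relays for three.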