NethServer Version: NS8 Module: Mail
Just a quick question. I have an outdated system that doesn’t pay nice with the TLS of the NS8 mail system. I tried adding a custom mynetworks with the following
podman exec -ti postfix vi /etc/postfix/main.cf.d/myoverride.cf
systemctl --user reload postfix
and added in a mynetworks address
then i did
systemctl --user status postfix dovecot
but the ns8 server is still causing an authentication error. Setting the mail server to an old NS7 server, I have running, using the Allow relay from IP addresses (one per line) in the Relay option works. No error is created. Is the mynetworks overridden or have I made a very basic mistake.
You correctly applied the customization procedure documented by the module readme, however for the mynetworks parameter a special care is needed because it is controlled by a SQLite table. It is planned to control that table from the UI. For today
remove the mynetworks override from your custom config file
Insert a record in the table with the following command (replace mail1 with your module ID and your network in cidr notation)
An update on this. If you are using NethSecurity and forward email port 25 to your nethserver 8 cloud instance, using the above allows remote attackers to send spam. I locked down to a local single ip, but still got remote ip’s able to end email by port 25 (using an bogus email but with my domain), so had to remove the above. Obviously an issue with some rules. in Postfix.
Until fixed I don’t recommend using non secure applications with ns8.