SMTP_NETWORKS doesn't work unless container is run in host mode?

[adamshand]

Hey thanks for this image, I've been using it a lot recently! Much appreciated. :-)

Perhaps I'm missing something, but I believe that SMTP_NETWORKS doesn't work as currently described.

Unless the container is running in host mode, Postfix sees all requests as coming from the Docker host.

For example, when I connect and send email from a public IP, Postfix sees the connection as coming from 10.0.0.2, eg.

Dec 05 23:51:26 postfix postfix/smtpd[103]: connect from unknown[10.0.0.2]
Dec 05 23:51:36 postfix postfix/smtpd[103]: ECE5A38BD43: client=unknown[10.0.0.2]
Dec 05 23:51:44 postfix postfix/cleanup[107]: ECE5A38BD43: warning: header Subject: blasdhkf adslkfjads lfka sjdfklasf from unknown[10.0.0.2]; from=<adam@xxx.nz> to=<adam@xxx.net> proto=ESMTP helo=<foo>

This means that anyone who exposes port 25 to the world is creating an open relay.

[juanluisbaptiste]

Hi @adamshand, I'm sorry for the late reply. You are right, as I have not used this feature, I had not thought of this issue.

For now, I will add a note to the documentation noting this issue, but I think the SMTP_NETWORKS variable should be removed because, as you say, this container does not offer (intentionally) any kind of authentication method.

[BurningLights]

When using IPv6, the situation appears to be different. Using IPv6 networking with a bridge network and published port, the container still sees the original IPv6 address of the remote system as the source IP. For this situation, SMTP_NETWORKS is needed to make it work.

[juanluisbaptiste]

Hi @BurningLights I'm not quite sure I do understand your issue, could you give us a concrete example?