Postfix mynetworks_style=host safe?

DeLord

Hey guys, mailcow by default ships Postfix with mynetworks_style=subnet, which means that e.g. connections from the Docker host system will be trusted and we don’t need to authenticate SMTP connections before sending emails out.

Personally, I don’t like this. In the optimal scenario, I would just set mynetworks= , so to an empty value, which would mean that all SMTP connections would require authentication. But I heard this might create problems with some Postfix-internal redirections of mails?

So I thought to set mynetworks_style=host, so that at least the Postfix container is able to send mails un-authenticated, but everyone else is not.

My questions now are: Is there a reason for Mailcow to have it mynetworks_style=subnet by default? Can I run intro trouble when I change it to mynetworks_style=host? E.g. are there some status-emails or similiar stuff that is being sent out by some of the containers, that require Postfix for not check for authentication?

D4niel

Did you already check the docs? https://docs.mailcow.email/manual-guides/Postfix/u_e-postfix-trust_networks/

DeLord

Hey @D4niel thanks for your answer, but yes, I already checked the docs. My question is not answered there, because the docs are talking about extending the list of mynetworks trusted source ip addresses, while my question is if it’s safe to reduce the amount of addresses.

As written above, I am specifically interested in if there’s anything that could break if I just set it on the postfix container localhost.

I would highly appreciate any input on this 🙂 Thanks in advance