NTACurrent en:Trusted Hosts

Aus Cryptshare Documentation
Version vom 7. März 2022, 10:25 Uhr von imported>Erhardts (Adapted headings and line breaks)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu:Navigation, Suche

Overview

Cryptshare Mail Gateway (more precisely: The Postfix instance that accepts e-mails from outside) will forward emails to foreign domains only from trusted hosts. Trusted hosts are identified by their IP address - if it matches one of the configured IP addresses or address ranges, it is trusted. In Cryptshare Mail Gateway, trusted hosts are managed by the cmg-filter service, which propagates the changes to the other services Postfix, OpenDKIM and OpenDMARC.

Trusted hosts are specified during initial setup. This page describes how the trusted hosts can be changed at a later time.

Configuration Steps

1. Open /opt/cryptshare-mail-gateway/smtp-filter/config.properties in an editor.

2. Change the value of the property app.smtp.trusted-hosts, so that it contains a list of all trusted IP addresses, separated by comma or space. You can specify either single IP addresses or CIDR expressions. Example:

10.1.30.0/24 10.1.20.11

3. Save the file.

4. Restart the cmg-filter service:

systemctl restart cmg.filter

During the restart, all dependent services (Postfix, OpenDKIM, OpenDMARC) will also be restarted automatically.