the devmin quest

linux administration-development tips and tricks

If you are looking for my professional site, please click here.

using a secure dynhost as a postfix trustee


In the past two posts, we saw how to set up a dynhost service and how to secure it. If you’re a Postfix user, you may like the “mynetworks” variable, which lets you use Postfix from a list of IP addresses without needing any other identification. This, obviously, can’t work with a dynamic IP. I searched and asked for a while, but I just can’t find any way to use a domain name instead of an IP. So, this post discusses how to read the mynetworks value from a MySQL table, and how to integrate this into secure_dynhost_server.

the postfix side

First, double-check that you have MySQL support in your Postfix installation. If all is OK, we’ll begin by creating a database and a network_table in MySQL, and filling it with some data.

create database postfix_conf ;
grant all on postfix_conf.* to 'postfix'@'localhost'
identified by 'PASSWORD' ;
use postfix_conf ;
create table `network_table` (
`id` int not null auto_increment,
`hostname` varchar(50) not null,
`ip` varchar(20) not null default '127.0.0.1',
primary key (`id`) ) ;
insert into `network_table` ( `hostname`, `ip` )
values ( "localhost", "127.0.0.1" ) ;
insert into `network_table` ( `hostname`, `ip` )
values ( "MYDYNHOST", "127.0.0.1" ) ;

We then create a config file (say, /etc/postfix/network_table.cf) for Postfix to use MySQL:

user = postfix
password = PASSWORD
dbname = postfix_conf
query = select `ip` from `network_table` where `ip` = '%s'

At this point, you can test if all is ok with postmap (be sure to use an absolute path):

# postmap -q 127.0.0.1 mysql:/etc/postfix/network_table.cf
127.0.0.1
# postmap -q 127.1.1.1 mysql:/etc/postfix/network_table.cf
#

Now, you just have to change “mynetworks” in main.cf and give it the value “mysql:/etc/postfix/network_table.cf”.

the secure_dynhost_server side

Be sure to grant all on postfix_conf to your bind user, with the same password as the one used for the DNS database.

Basically, the only changes to make are in the update and the delete_hostname functions. When the dynhostname is updated, the Postfix config must be updated as well; and when it is deleted, the Postfix config entry for that dynhost must be changed back to 127.0.0.1. Since I made a parse_config feature, in order to read the secure_dynhost_server config from the command line or from a config file, it also needs to be changed.

I put the patch for secure_dynhost_server in the download section. Go into the “server” directory and run “patch -p1 < /SOME/PATH/postfix.patch” to apply it.
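
The update and delete behaviour described above, sketched as an added example (this is not the code from postfix.patch or from secure_dynhost_server). It assumes an in-memory SQLite table standing in for the MySQL network_table; the function names and the 203.0.113.x test addresses are constructed for illustration.

```python
import ipaddress
import sqlite3

RESET_IP = "127.0.0.1"  # value the post assigns to a deleted dynhost


def open_table():
    """Constructed in-memory copy of network_table with the post's two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table network_table ("
        "id integer primary key autoincrement, "
        "hostname varchar(50) not null, "
        "ip varchar(20) not null default '127.0.0.1')"
    )
    conn.executemany(
        "insert into network_table (hostname, ip) values (?, ?)",
        [("localhost", RESET_IP), ("MYDYNHOST", RESET_IP)],
    )
    return conn


def update_postfix_ip(conn, hostname, new_ip):
    """On dynhost update: store the new address for an existing hostname."""
    # Accept only a single IPv4 host address, so no netmask or stray text
    # can end up in the table that Postfix consults for mynetworks.
    addr = ipaddress.IPv4Address(new_ip)  # raises ValueError otherwise
    cur = conn.execute(
        "update network_table set ip = ? where hostname = ?",
        (str(addr), hostname),  # bound parameters, never string formatting
    )
    conn.commit()
    return cur.rowcount == 1  # False when the hostname has no row


def delete_postfix_ip(conn, hostname):
    """On dynhost delete: point the row back at 127.0.0.1."""
    return update_postfix_ip(conn, hostname, RESET_IP)


def is_trusted(conn, client_ip):
    """Same lookup as the query in network_table.cf."""
    row = conn.execute(
        "select ip from network_table where ip = ?", (client_ip,)
    ).fetchone()
    return row is not None
```

Because the row is reset rather than left alone on delete, the old dynamic address stops matching the mynetworks lookup as soon as the dynhost is removed.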
