Description | Currently, to enable ClearGLASS to send e-mails, ClearGLASS just adds the subnet 172.16/12 to the mynetworks parameter in /etc/postfix/main.cf when only a /16 subnet is needed. Also, because of the way it is done, it appears to the sysop in the Webconfig SMTP Trusted Networks as a normal subnet he may have added, and it risks deletion by the sysop. Added to this, the ClearOS recommended SMTP security model is to use user/pass authentication and not use Trusted Networks, yet here we have suddenly trusted the whole 172.16/12 address space, which may also cover some of the normal LAN subnets. The subnet is not programmatically maintainable as it may also have been added by the sysop.
There is a very simple alternative. Add a parameter to /etc/postfix/main.cf, e.g. clearglassnetwork, and set it to the ClearGLASS subnet, which can be derived from the br-????? interface. Then append ", $clearglassnetwork" to mynetworks in /etc/postfix/main.cf and reload postfix. This way clearglassnetwork is programmatically maintainable. It also shows in the Webconfig as "$clearglassnetwork", so it is clear to the sysop that it is a special parameter, and the Webconfig still functions without any modification (I have tested it).
This change can be taken one step further. Currently the SMTP Webconfig hides the loopback subnets. It could also be made to hide any parameter beginning with $. |
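The proposal above as a shell sketch; this is an added example, not ClearOS or ClearGLASS code. The function names are hypothetical, and the bridge interface name is passed in by the caller because the report does not give it.

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample values are constructed.
# Before: mynetworks = 127.0.0.0/8, 172.16.0.0/12        (whole /12 may relay)
# After:  clearglassnetwork = <bridge /16>
#         mynetworks = 127.0.0.0/8, $clearglassnetwork

# Extract the first IPv4 address/prefix from `ip -o -4 addr show` output on stdin.
first_inet_cidr() {
    awk '$3 == "inet" { print $4; exit }'
}

# Turn an interface address such as 172.18.0.1/16 into its network, 172.18.0.0/16.
cidr_network() {
    case "$1" in */*) ;; *) return 1 ;; esac
    cn_len=${1#*/}
    IFS=. read -r cn_a cn_b cn_c cn_d <<EOF
${1%/*}
EOF
    cn_ip=$(( (cn_a << 24) | (cn_b << 16) | (cn_c << 8) | cn_d ))
    cn_net=$(( cn_ip & ((0xFFFFFFFF << (32 - cn_len)) & 0xFFFFFFFF) ))
    printf '%d.%d.%d.%d/%d\n' $(( (cn_net >> 24) & 255 )) $(( (cn_net >> 16) & 255 )) \
        $(( (cn_net >> 8) & 255 )) $(( cn_net & 255 )) "$cn_len"
}

# Append ", $clearglassnetwork" to a mynetworks value unless it is already there.
add_reference() {
    case "$1" in
        *'$clearglassnetwork'*) printf '%s\n' "$1" ;;
        *) printf '%s, $clearglassnetwork\n' "$1" ;;
    esac
}

# Apply the change. $1 is the ClearGLASS bridge interface, supplied by the caller.
apply_clearglass_network() {
    acn_net=$(cidr_network "$(ip -o -4 addr show dev "$1" | first_inet_cidr)") || return 1
    postconf -e "clearglassnetwork = $acn_net" || return 1
    postconf -e "mynetworks = $(add_reference "$(postconf -h mynetworks)")" || return 1
    postfix reload
}
```

An existing 172.16/12 entry in mynetworks is left untouched by this sketch, since, as the report notes, it cannot be told apart from one the sysop added.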