From 43df48cb0617083f2788797838ce146c3de3b40d Mon Sep 17 00:00:00 2001
From: Rainer Rillke <rillke@wikipedia.de>
Date: Sun, 1 Mar 2020 19:40:50 +0100
Subject: [PATCH] README, env file: Warn about open relay configuration

Addresses: #1405
---
 README.md           | 2 +-
 env-mailserver.dist | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7d61e818..04bf351f 100644
--- a/README.md
+++ b/README.md
@@ -298,7 +298,7 @@ Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as f
 
 ##### PERMIT_DOCKER
 
-Set different options for mynetworks option (can be overwrite in postfix-main.cf)
+Set different options for mynetworks option (can be overwrite in postfix-main.cf) **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or `connected-networks` option, can create an [**open relay**](https://en.wikipedia.org/wiki/Open_mail_relay), [for instance](https://github.com/tomav/docker-mailserver/issues/1405#issuecomment-590106498) if IPv6 is enabled on the host machine but not in Docker.
   - **empty** => localhost only
   - host => Add docker host (ipv4 only)
   - network => Add the docker default bridge network (172.16.0.0/12); **WARNING**: `docker-compose` might use others (e.g. 192.168.0.0/16) use `PERMIT_DOCKER=connected-networks` in this case
diff --git a/env-mailserver.dist b/env-mailserver.dist
index 9556c695..86b8b3cf 100644
--- a/env-mailserver.dist
+++ b/env-mailserver.dist
@@ -20,6 +20,9 @@ ONE_DIR=0
 POSTMASTER_ADDRESS=
 
 # Set different options for mynetworks option (can be overwrite in postfix-main.cf)
+# **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or
+# `connected-networks` option, can create an open relay
+# https://github.com/tomav/docker-mailserver/issues/1405#issuecomment-590106498
 # empty => localhost only
 # host => Add docker host (ipv4 only)
 # network => Add all docker containers (ipv4 only)