Prev: postfix loop detection
Next: relayhost + backup relayhost
From: "Chaminda Indrajith" on 20 Apr 2010 15:09

Dear all,
I have a postfix mail gateway which is used for all incoming and
outgoing mails of our backend mail server.

I have restricted the Gateway to accept mails only for my domain
(example.com) from outside.

My Question is that, can we set a similar restriction for the outgoing
mails from my domain (example.com). In other words, I need to set up
my gateway to deliver mails originating only from example.com domain
to the outside world.

I would appreciate your help in this regard.

Thanks
Chaminda Indrajith



From: Noel Jones on 20 Apr 2010 18:34
On 4/20/2010 2:09 PM, Chaminda Indrajith wrote:
>
> Dear all,
> I have a postfix mail gateway which is used for all incoming and
> outgoing mails of our backend mail server.
>
> I have restricted the Gateway to accept mails only for my domain
> (example.com) from outside.
>
> My Question is that, can we set a similar restriction for the outgoing
> mails from my domain (example.com). In other words, I need to set up my
> gateway to deliver mails originating only from example.com domain to the
> outside world.
>
> I would appreciate your help in this regard.
>
> Thanks
> Chaminda Indrajith
>
>

Something like:

# main.cf
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/sender_only
reject_unauth_destination

# sender_only
example.com OK


Warning: use this in smtpd_sender_restrictions as shown
above. DO NOT use this in smtpd_recipient_restrictions as it
would make you an open relay.



-- Noel Jones

From: Victor Duchovni on 20 Apr 2010 18:58
On Tue, Apr 20, 2010 at 05:34:26PM -0500, Noel Jones wrote:

> Something like:
>
> # main.cf
> smtpd_sender_restrictions =
> check_sender_access hash:/etc/postfix/sender_only
> reject_unauth_destination
>
> # sender_only
> example.com OK
>
> Warning: use this in smtpd_sender_restrictions as shown above. DO NOT use
> this in smtpd_recipient_restrictions as it would make you an open relay.

This also blocks bounces, which should not be blocked. One must also
white-list the empty sender:

http://www.postfix.org/postconf.5.html#smtpd_null_access_lookup_key

access:
<> OK
example.com OK
.example.com OK

The ".example.com" form may be need depending on the value of "p_d_m_s"

http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.

 | 
Pages: 1
Prev: postfix loop detection
Next: relayhost + backup relayhost