I have Postfix installed and working to send/receive email.
However, my requirement is for this MTA to only receive inbound email from Gmail.
The background is that this server runs a product support system and only accepts email sent to [email protected] where myhost.com email is hosted by Gmail.
So [email protected] is configured to forward to the local Postfix MTA that converts the emails into tickets in the product support system.
The Postfix MTA must completely refuse any email from any IP addresses other than Gmail MTA servers. And, additionally, if possible, it must only accept incoming email from [email protected]
The product support server sits behind a linksys router. So port forwarding on port 25 in the router sends email to the local machine.
Is there a way to reject any communications except from Gmail IP addresses?
Or, failing that, can Postfix be configured to only accept connections from Gmail IP addresses?
Or, failing that, can Postfix be configured to reject email from any other IP addresses even if it does initially accept the connection?
Essentially we want to outsource dealing with spam to Gmail. Plus it's simpler to configure and monitor email received to [email protected] via the Gmail website.
Please advise!
Ohhh, yeah! We have a sweet solution now.
We have added all of Gmail's outbound servers to the firewall and only allow them to talk to port 25 on our server. Nobody else.
It works great.
FYI, Google publishes an SPF record with all their valid outbound servers according to the RFC.
So I simply added them all into the firewall for port 25 -- SMTP.
There's only one flaw in this plan.
What if Google adds or changes the SPF list?
Later on, I will make a cron job that once per day, does an SPF lookup, parses the host list, and updates the firewall restriction list.
Then it will be foolproof. Any spammers will only see a closed port, so it will get scratched off their list as a vulnerability. We won't even have the server bogged down with filtering email and such.
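The daily job described in the post above, sketched as an added example that is not part of the original thread: it expands an SPF record (following `include:` and `redirect=`) into the CIDR list to allow on port 25 and returns the add/remove delta against the current allowlist. The domain names and TXT records are constructed, and `lookup_txt` is a hypothetical hook where a real DNS TXT query would go; a failed or empty lookup raises, so the existing firewall rules stay in place.

```python
import ipaddress

MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per SPF evaluation

# Constructed TXT records (documentation address ranges), not real DNS data.
SAMPLE_TXT = {
    "mail.example": ["v=spf1 redirect=_spf.mail.example"],
    "_spf.mail.example": ["site-verification=constructed",
                          "v=spf1 include:_nb1.mail.example include:_nb2.mail.example ~all"],
    "_nb1.mail.example": ["v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/25 ~all"],
    "_nb2.mail.example": ["v=spf1 ip6:2001:db8:4000::/36 include:_spf.mail.example ~all"],
}

def sample_lookup(domain):
    """Offline stand-in for a DNS TXT query (hypothetical hook)."""
    return SAMPLE_TXT.get(domain, [])

def spf_networks(domain, lookup_txt, seen=None):
    """Expand an SPF record into the set of ip4/ip6 networks it authorises."""
    seen = set() if seen is None else seen
    if domain in seen:                       # include loop: already expanded
        return set()
    seen.add(domain)
    if len(seen) > MAX_LOOKUPS:
        raise RuntimeError("SPF lookup limit exceeded at " + domain)
    records = [t for t in lookup_txt(domain) if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:                    # missing or ambiguous record
        raise RuntimeError("expected exactly one SPF record for " + domain)
    nets = set()
    for term in records[0].split()[1:]:
        if term.lower().startswith("redirect="):
            nets |= spf_networks(term[len("redirect="):], lookup_txt, seen)
            continue
        if term[0] in "-~?":                 # only pass-qualified terms allow senders
            continue
        name, _, value = term.lstrip("+").partition(":")
        if name.lower() in ("ip4", "ip6"):
            nets.add(ipaddress.ip_network(value, strict=False))
        elif name.lower() == "include":
            nets |= spf_networks(value, lookup_txt, seen)
    return nets

def plan_update(current_cidrs, domain, lookup_txt):
    """Return (to_add, to_remove); raises instead of returning an empty allowlist."""
    wanted = spf_networks(domain, lookup_txt)
    if not wanted:
        raise RuntimeError("refusing to replace the allowlist with an empty set")
    have = {ipaddress.ip_network(c, strict=False) for c in current_cidrs}
    return sorted(map(str, wanted - have)), sorted(map(str, have - wanted))
```

`a` and `mx` mechanisms are not resolved in this sketch; only literal `ip4`/`ip6` ranges reach the allowlist.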
I'm confused. You have support emails going to a @gmail.com address which is being forwarded to your local SMTP server running your domain, is that correct?
When you send out emails surely you will be sending them with addresses @yourdomain which people will try replying to, and you want to bounce those emails if the person isn't a Gmail user? That seems a really bad idea. If you want to outsource your spam handling then you could either use Google Apps for the domain and have Google host all your email, or you could use one of the spam filtering services that sit between you and your domain.
Given you have a Linksys router I'm guessing you're running on an ADSL connection which probably isn't designed to be running a mail server off of. I would seriously consider having Google host your email to keep everything simple and not have to worry about managing servers or internet connections locally.