We occasionally have customer-provided servers in our technical support and engineering departments. They're isolated on their own VLAN, with strict firewall rules in place to minimize possible bad behavior.
We've found ourselves needing to capture (instead of block) outgoing mail by these machines. Redirecting ports and feeding machines fake MX records is easy. Creating a fake open relay doesn't seem to be. My goal is:
- Mail to [email protected] gets relayed upstream (
relay_domain = $mydomain
andrelayhost = $mydomain
) - Mail to [email protected] gets captured and forwarded to an email address @ourdomain.com
Things that probably won't work, as answered in other similar questions:
- BCC maps: I don't want the original mail delivered to the original recipients at all.
- virtual_alias_maps: The outgoing mails could be to any domain, not just one or two domains.
- canonical rewriting
/^.*$/
: Modifies all mail, which isn't what I want. I only want non-relayable mail to be forwarded.
If this isn't possible in postfix, can other MTAs handle the task? It looks like my other obvious choices are sendmail and exim.
Set up
smtp-sink
-- it is included in Postfix source distribution, but may not be present in binary package.Use spamhole: https://sourceforge.net/projects/spamhole/
From the website: spamhole is a fake sopen SMTP relay, intended to stop (some) spam by convincing spammers that it is delivering spam messages for them, when in fact it is not.