Home / server / Questions / 94168
Accepted
datadevil
Asked: 2009-12-15 07:41:49 +0800 CST

Postfix on development server, allow mail to be sent to only one domain

  • 772

We have postfix on our development server, and I'd like it to be able to only send mail to our domain, not to other domains, preventing outside users from accidentally receiving mail from our development server.

I searched through the docs, tried several things but it's still sending to all domains...

postfix

4 Answers

  1. Best Answer

    transport(5) maps are used to redefine how email is routed by postfix.

    • Add the following line to /etc/postfix/main.cf:

      transport_maps = hash:/etc/postfix/transport

    • Add the new file /etc/postfix/transport with this content:

      .example.com   :
example.com    :
*              discard:

    Replace example.com with the domain your mailserver should still send mails to. If you don't care about sub-domains then remove the first line.

    Don't forget to hash the file after editing it with postmap(1) and reload postfix so that the changes can take effect:

    # postmap /etc/postfix/transport && postfix reload
    • 10

  2. You can easily restrict the recipients with standard smtpd_recipient_restrictions or more precisely check_recipient_access.

    Just create an access(5) table /etc/postfix/access with the following content (example.com being the domain you want to allow to send mail to):

    example.com    OK

    You can also allow only some specific addresses:

    [email protected]    OK
[email protected]    OK

    Don't forget to hash the file after editing it with postmap(1):

    # postmap /etc/postfix/access

    Now put the following recipient restrictions in your main.cf:

    smtpd_recipient_restrictions = 
    hash:/etc/postfix/access
    reject

    and reload Postfix:

    postfix reload

    After that, test it if it works.

    • 9

  3. So if someone stumbles over this like I did: the answer is indeed header_checks and it works as such:

    • Add the following line to /etc/postfix/main.cf:

      header_checks = regexp:/etc/postfix/header_checks

    • Add the new file /etc/postfix/header_checks with this content:

      /^To:.*@allowed-domain.com/  DUNNO
/^To:.*@/   REDIRECT [email protected]

    Replace allowed-domain.com with the domain your mailserver should still send mails to. Replace [email protected] with the email address all other emails should be redirected to.

    If you need to allow multiple domains, the first line should look like this:

    /^To:.*@(allowed-domain.com|another-domain.com)/  DUNNO

    Instead of redirecting you can simple drop all other mails. Replace the second line above with:

    /^To:.*@/   DISCARD No outgoing mails allowed

    Explanation:

    • Postfix goes through the mail headers one-by-one.
    • Each header line gets matched against the header_checks file line-by-line.
    • If it matches the first line (To: contains the allowed domain), it skips to the next header line and starts the header checks again from the top. Since no other line will match, this means the mail gets delivered.
    • If it matches the second line (To: contains another external email address), it redirects the mail.
    • 8

  4. Have you tried header_checks(5)?

    • 3