Debian – Restrict relay with postfix to certain domain from single IP

debianpostfix

In my company we're using Postfix as a relay for Google Apps SMTP server in a Debian server. Legacy machines like scanners forward messages to our relay server.

How can i allow the scanner to only send mails through the relay only to certain domains (e.g. our .com)?

I'm pretty sure there's something here but I haven't found something working.

Thanks.

Best Answer

You can use postfwd to restrict the domains a specific IP address can send email to (regardless of relay):

action=REJECT; client_address=192.168.1.9; recipient_domain!~/dom1\.com|dom2\.com/

Easy installation on Ubutu server is as follows:

$ apt install postfwd
$ vi /etc/postfix/main.cf
  smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040
$ vi /etc/postfix/postfwd.cf
  action=REJECT; client_address=192.168.1.9; recipient_domain!~/dom1\.com|dom2\.com/
$ systemctl restart postfwd postfix

Related Solutions

Postfix – Forcing the From Address When Relaying Over SMTP

This is how to really do it in postfix.

This config changes sender addresses from both local originated, and relayed SMTP mail traffic:

/etc/postfix/main.cf:

sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check

Rewrite envelope address from email originating from the server itself

/etc/postfix/sender_canonical_maps:

/.+/    newsender@address.com

Rewrite from address in SMTP relayed e-mail

/etc/postfix/header_check:

/From:.*/ REPLACE From: newsender@address.com

Thats very useful if you're for instance using a local relay smtp server which is used by all your multifunctionals and several applications.

If you use Office 365 SMTP server, any mail with a different sender address than the email from the authenticated user itself will simply be denied. The above config prevents this.

Postfix Configuration – How to Retain Copies of All Sent Emails

You're mistaken - all mail is received, all mail is delivered.

As documented, always_bcc defines an address where copies of all mail handled by postfix are sent to.

Everything.

For better control over this process, use sender_bcc_maps and recipient_bcc_maps; some judicious use of regex maps allows you to copy the messages to the same user on an archive domain - for both senders and recipients, like so:

sender_bcc_maps = regexp:/etc/postfix/archive_domain
recipient_bcc_maps = regexp:/etc/postfix/archive_domain

In /etc/postfix/archive_domain:

/^([^@]+)\@example\.com$/    $1@archive.example.com

You can now handle mail to @archive.example.com however you please.

Best Answer

Related Solutions

Postfix – Forcing the From Address When Relaying Over SMTP

Postfix Configuration – How to Retain Copies of All Sent Emails

Related Topic