Limiting allowed domains for sending and receiving mail server (postfix)

Since I'm running a domain for development teams and I want to use this domain as a dev mail server, I see a need to restrict the possibilities for sending mails.
Fact is:
– the domain is up and running
– mail and webmail is up and running

I'm using Plesk, and the fact that there are multiple domains running on this server makes it somehow confusing.

Right now I'm searching for a solution so that email is exchanged only within this domain.
If the domain would be admin.ch all @admin.ch mail accounts are restricted to send and receive mails from @admin.ch.

Do you understand what I mean and have you any suggestion for me?

I found this entry:
Postfix on development server, allow mail to be sent to only one domain

But the problem is that there are multiple hostings running within this server.

Thanks in advance for the fish – best regards, chiuchemandli

— situation:

Server serving multiple domains:
- domain1.ch
- domain2.ch
- domain3.ch
- devdomain.ch

Now I want all users from devdomain.ch to be able to send and receive mails only from devdomain.ch. All other domains work as usual.
ATM I'm not sure if header_check is the right thing for my problem!?

Best Answer

I can think of three possible solutions to your problem. One would be to pass all your email through a content filter (this can be a simple script that parses the headers and sends the mail back into Postfix on another port if the conditions you set are met). There is a bit of work involved in this, though. Have a look at the Postfix Filter Readme for more information.

The second would be to run two servers (or two instances of Postfix), hosting the normal domains on one and the devdomain on the other; that way you can lock the second down as suggested in the other answer.

On the primary server:

/^From:.*devdomain\.ch/ FILTER transport:relay

If you set up devdomain.ch in main.cf to use the relay transport and put the second server's address in the relay_maps, then mails From or To devdomain will be relayed to the second server. Then on the second server set up a header_check like this:

# pcre: table; rejects only when the From: line itself lacks devdomain.ch
/^From:(?!.*devdomain\.ch)/ REJECT

Make sure the second one by default accepts only mail for devdomain.ch.

Then you can have both instances of Postfix deliver to Dovecot or Courier in a single location.

The problem with mixing the two domains is that Postfix header checks check the headers line by line, so you can't confirm that if the To: matches, the From: does as well. It's the normally functional domains that make things more complicated.

An option to allow users only to send with their username would be to use smtpd_sender_login_maps which maps SASL usernames to emails. This will make sending with scripts or programs installed on the machine more difficult (unless they can do SASL). This would solve half your problems, and the other half could be resolved with

# main.cf: list this inside smtpd_recipient_restrictions
check_sender_access hash:/etc/postfix/restricted_senders

/etc/postfix/restricted_senders:
user1@devdomain.ch dev_only
user2@devdomain.ch dev_only

You would then need to define dev_only:

smtpd_restriction_classes = dev_only
dev_only = check_recipient_access hash:/etc/postfix/local_domains, reject

/etc/postfix/local_domains:
devdomain.ch OK
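
The content-filter option from the start of the answer can check the envelope sender, all recipients and the From: header together, which line-by-line header checks cannot. The script below is an added example, not code from the answer or from Postfix. It assumes the Postfix "simple content filter" calling convention (`-f sender -- recipients`, message on stdin); `DEV_DOMAIN`, `domain_of` and `allowed` are hypothetical names, and the sendmail path is an assumption.

```python
#!/usr/bin/env python3
"""Added example: simple Postfix content filter enforcing a dev-only domain."""
import subprocess
import sys
from email import message_from_bytes
from email.utils import getaddresses

DEV_DOMAIN = "devdomain.ch"                    # domain name taken from the question
SENDMAIL = ["/usr/sbin/sendmail", "-G", "-i"]  # re-injection command (assumed path)
EX_UNAVAILABLE = 69                            # exit status that makes Postfix bounce

def domain_of(address):
    """Lower-cased domain part of an address, '' if it has none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def allowed(sender, recipients, raw_message):
    """True unless the mail crosses the boundary of DEV_DOMAIN.

    Envelope sender, envelope recipients and every From: header address
    are checked as one set of parties.
    """
    msg = message_from_bytes(raw_message)
    from_hdr = [addr for _, addr in getaddresses(msg.get_all("From", []))]
    parties = [sender, *recipients, *from_hdr]
    domains = {domain_of(p) for p in parties} - {""}
    if DEV_DOMAIN not in domains:
        return True                  # other hosted domains work as usual
    return domains == {DEV_DOMAIN}   # dev mail must stay inside the dev domain

def main(argv):
    # Invoked by pipe(8) as: filter -f <sender> -- <recipient> ...
    sender = argv[argv.index("-f") + 1]
    recipients = argv[argv.index("--") + 1:]
    raw = sys.stdin.buffer.read()
    if not allowed(sender, recipients, raw):
        print(f"mail for {DEV_DOMAIN} may not cross domains", file=sys.stderr)
        return EX_UNAVAILABLE
    cmd = SENDMAIL + ["-f", sender, "--"] + recipients
    return subprocess.run(cmd, input=raw).returncode

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

With this policy a delivery status notification to a dev user is rejected unless its From: address is also in the dev domain.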
