Linux – Configure PostFix to only accept email from gmail

email forwarding gmail linux postfix

I have PostFix installed and working to send/receive email.

However, my requirement is for this MTA to only receive inbound email from gmail.

The background is that this server runs a product support system and only accepts email sent to support@myhost.com where myhost.com email is hosted by gmail.

So support@myhost.com is configured to forward to the local PostFix MTA that converts the emails into tickets in the product support system.

The PostFix MTA must completely refuse any email from any other IP addresses than gmail MTA servers. And, additionally, if possible, it must only accept incoming email from support@myhost.com

The product support server sits behind a linksys router. So port forwarding on port 25 in the router sends email to the local machine.

Is there a way to reject any communications except from gmail ip addresses?

Or, failing that, can PostFix be configured to only accept connections from gmail ip addresses?

Or, failing that, can PostFix be configured to reject email from any other ip addresses even if it does initially accept the connection?

Essentially we want to outsource dealing with spam to gmail. Plus it's simpler to configure and monitor email received to support@tickzoom.com via the gmail website.

Please advise!

Best Answer

Ohhh, yeah! We have a sweet solution now.

We have added all of Gmail's outbound servers to the firewall and only allow them to talk to port 25 on our server. Nobody else.

It works great.

FYI, Google publishes an SPF record with all their valid outbound servers according to the RFC.

So I simply added them all into the firewall for port 25 -- SMTP.

There's only one flaw in this plan.

What if Google adds or changes the SPF list?

Later on, I will make a cron job that once per day, does an SPF lookup, parses the host list, and updates the firewall restriction list.

Then it will be foolproof. Any spammers will only see a closed port, so it will get scratched off their list as a vulnerability. We won't even have the server bogged down with filtering email and such.
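A sketch of the daily refresh job the answer describes, added here as an example and not the poster's own script: it walks an SPF record's `include:` chain, collects the `ip4`/`ip6` networks, and renders input for `ipset restore`. Assumptions: the set names `gmail_smtp4` and `gmail_smtp6` are hypothetical and already referenced by the port-25 firewall rule, the `lookup` callable stands in for a real DNS TXT query, and the sample records are constructed from documentation address ranges.

```python
import ipaddress

# Constructed TXT answers (documentation address ranges, not Google's real records).
SAMPLE_TXT = {
    "_spf.example.com": "v=spf1 include:_blocks1.example.com include:_blocks2.example.com ~all",
    "_blocks1.example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 ~all",
    # Points back at the top record on purpose, to exercise loop handling.
    "_blocks2.example.com": "v=spf1 ip6:2001:db8:1::/48 include:_spf.example.com ~all",
}

def collect_networks(domain, lookup, seen=None, max_lookups=10):
    """Follow include:/redirect= from `domain`; return the ip4/ip6 networks it authorizes."""
    seen = set() if seen is None else seen
    if domain in seen:            # already visited: break include loops
        return set()
    if len(seen) >= max_lookups:  # RFC 7208 caps DNS-querying terms at 10
        raise RuntimeError("too many SPF lookups")
    seen.add(domain)
    record = lookup(domain) or ""
    if not record.startswith("v=spf1"):
        raise ValueError(f"no SPF record at {domain}")
    nets = set()
    for term in record.split()[1:]:
        if term[0] in "-~?":      # only pass-qualified terms authorize a sender
            continue
        name, _, value = term.lstrip("+").replace("=", ":", 1).partition(":")
        if name in ("ip4", "ip6"):
            nets.add(ipaddress.ip_network(value, strict=False))
        elif name in ("include", "redirect"):
            nets |= collect_networks(value, lookup, seen, max_lookups)
    return nets

def ipset_restore_lines(nets, set4="gmail_smtp4", set6="gmail_smtp6"):
    """Render `ipset restore` input (hypothetical set names, assumed to exist already)."""
    if not nets:  # a failed or empty lookup must never wipe the current allowlist
        raise ValueError("empty network list, keeping current firewall sets")
    lines = [f"flush {set4}", f"flush {set6}"]
    for net in sorted(nets, key=lambda n: (n.version, n)):
        lines.append(f"add {set4 if net.version == 4 else set6} {net}")
    return lines

if __name__ == "__main__":
    nets = collect_networks("_spf.example.com", SAMPLE_TXT.get)
    print("\n".join(ipset_restore_lines(nets)))
```

Because both functions raise before any output is produced, a cron wrapper that pipes the result into `ipset restore` only when the script exits cleanly leaves the previous list in place on a DNS failure.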