We use Postfix for company email address's given to employees… all are of the format username@example.com.
Basically I want to restrict all incoming mail to these addresses to only allow emails from the @example.com domain.
Simple enough I think however there are a select few supervisor addresses that need to be unrestricted (able to receive emails from any domain).
None of the answers I've found seem to answer this problem (Although I'm really weak when it comes to working with email settings)
snippit of /etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
check_sender_access hash:/etc/postfix/access,
reject
Best Answer
You could use restriction classes. See:
For your case
Now we have to create two classes, first one for supervisor class and second one for the rest of company.
The Setup
Define smtpd_restriction_classess in main.cf
Set smtpd_recipient_restrictions in main.cf, place this line after
check_sender_access hash:/etc/postfix/access,
This file
/etc/postfix/mycompany.rules
, will perform decision logic to select which address that belongs tomysupervisor
class. So the content isThen define rule for mysupervisor class in main.cf, so postfix will permit all address.
To check whether the email was coming from company domain (example.com), set rule
check_sender_access hash:/etc/postfix/insiders
aftercheck_recipient_access hash:/etc/postfix/mycompany.rules
. The content of/etc/postfix/insiders
Now, main.cf hase become
How it works
For all email, postfix will apply the restriction until
After that email will be checked against
mycompany.rules
. If the recipient was supervisor email, than permit it, otherwise postfix will perform last restriction/etc/postfix/insiders
. If the sender is @example.com then permit it, otherwise reject it.