Postfix server block outgoing fake domain permit only one domain

email centos postfix

To force that users use email address like [email protected] for mail sended from inside the server, you can use this configuration

smtpd_restriction_classes =
   inside

inside =
  check_sender_access hash:/etc/postfix/allowed_senders
  reject

smtpd_recipient_restrictions =
   reject_unauth_destination
   check_client_access hash:/etc/postfix/inside_network
   ... your favourite anti spam stuff here ...
   permit

/etc/postfix/inside_network

127.0.0.1               inside
hostname.example.lan    inside

in /etc/postfix/allowed_senders:

example.lan     OK

Source: http://www.arschkrebs.de/postfix/postfix_restriction_classes3_en.shtml http://www.arschkrebs.de/postfix/postfix_restriction_classes2_en.shtml


After i had the same problem, and a quick search, i found the following (ripped off http://www.bentasker.co.uk/documentation/linux/161-configuring-postfix-to-block-outgoing-mail-to-all-but-one-domain)

Thought i share it here

Use Transport Mapping Using this method, we can tell Postfix to either reject the mail, or disregard it. The latter is generally the preferred method as we want the sending application to believe the mail has been sent.

First we need to edit the postfix configuration file

nano /etc/postfix/main.cf

Now search for transport_maps (Ctrl-W, transport_maps -> Enter). You shouldn't find anything (if you do, skip the next step, but make note of which file is listed)

Add a line reading

transport_maps = hash:/etc/postfix/transport

Note: Depending on the version of Postfix you're running, you could use texthash which would avoid needing to run postmap on the file. It's up to the reader to work out which route they'd prefer, but if your postfix version is < 2.8 you can't use texthash.

Save and close (Ctrl-X, Y -> Enter)

Now we need to update the transport maps (if you didn't need to add a line, subsitute the relevant file path here)

nano /etc/postfix/transport

Now we need to add a line specifying which domain to allow sending to (I'm going to allow to bentasker.co.uk). To do so, insert the following lines

example.com :
* discard:

This will simply discard messages to any email address not of the domain bentasker.co.uk. If you wanted to reject with an error you'd use (set the error text to suit your needs)

example.com:
* error: Only allowing one domain

Note: Simply add additional domains on the line after bentasker.co.uk:, one line per domain.

Save and close (Ctrl-X, Y -> Enter)

Now we need to create a hash of the file (unless you used texthash in main.cf)

postmap /etc/postfix/transport

Finally, we need Postfix to reload it's rules

/etc/init.d/postfix reload

Job done! You should now find that emails sent to domains not specified are silently discarded, whilst those for whitelisted domains go through as normal. Be sure to check that the change has worked though, mailq and the maillog are your friends!

For non-whitelisted domains you should see the message being removed in the maillog but with no connection taking place before hand, and relay showing as none (there may be no sign of a connection, but if relay != none there's a very good chance the mail was sent).

Source: http://www.bentasker.co.uk/documentation/linux/161-configuring-postfix-to-block-outgoing-mail-to-all-but-one-domain

Related

Nginx mutliple rewrite rules per location
reached the maximum partitions on my virtual machine
Simple Vyatta configuration / BGP routes not injecting into routing table
Do cPHulk Brute Force Protection Settings Effect Hosts? [closed]
NSCLIENT\NRPE doesnt handle arguments with white spaces
In-Place Upgrade from Windows Server 2008 R2 to 2012
Connecting SATA 3 to SAS port performance analysis
MegaCli64 -PDInfo shows drive but other commands says device does not exist
Is it possible to be matched up with a member of your ignore list?
What upgrades affect car performance?
What methods are there to to regain sanity?
How do I obtain a Golden Frying Pan?