Postfix relay based on origin

I have 4 servers: prod1.example.com, prod2.example.com, dev1.example.com, and dev2.example.com. They all send their mails to smtp.example.com. This server does the relay. Now I want dev1 and dev2 to send all their e-mails to devbox@example.com, except for the e-mails that are sent to admin@example.com. The e-mails from prod1 and prod2 are relayed without any restriction.

I read that in the access file you can define that a server must be handled by a filter instead of a simple RELAY (with FILTER foo:bar). I cannot find how and where I need to define this foo (transport) and bar (destination). All these different parameters confuse me. Also, in what order are the different files handled?

Can anybody help me out?


Solution 1:

Your question can be expressed by this pseudocode:

if (client == dev1 OR client == dev2)
    if recipient == admin
        pass it
    else
        redirect to devbox
else
    pass it

Unfortunately, Postfix doesn't have a generic language (for example, VCL for Varnish configuration) to handle the restriction and forwarding. So we can try to solve it with the hash table feature from Postfix. I have two ideas for how to solve this problem.

Multiple ports solution

I assume that (by default) your dev and prod servers connect to smtp.example.com on the same port (port 25). If you can modify the code and adjust the firewall restrictions so that dev1 and dev2 connect to smtp.example.com on a port other than 25 (for example, port 2525), then you can go with the simple solution. If this scenario isn't possible, you can skip this idea and go to solution 2.

To allow the dev servers to connect to Postfix via port 2525, set up another smtpd instance by adding this line to master.cf:

2525       inet  n       -       n       -       -       smtpd -o smtpd_client_restrictions=check_recipient_access,pcre:/etc/postfix/devbox

Now, the content of /etc/postfix/devbox:

# Anchor the patterns so that only these exact recipients match
/^admin@example\.com$/    OK
/^devbox@example\.com$/   OK
/.*/                      REDIRECT devbox@example.com

Now the prod servers won't get the filter above because they connect to Postfix via port 25, so their mail can go through Postfix as before.

Restriction Classes Solution

If a scenario like the first idea isn't possible, then you can achieve it with a Postfix feature called restriction classes. See

  • http://www.postfix.net/postconf.5.html#smtpd_restriction_classes
  • http://www.postfix.net/RESTRICTION_CLASS_README.html

In main.cf add these lines:

smtpd_restriction_classes = devbox
devbox = check_recipient_access pcre:/etc/postfix/devbox
smtpd_recipient_restrictions = 
    ...
    check_client_access hash:/etc/postfix/emailrouting,
    ...

Content of /etc/postfix/emailrouting:

dev1.example.com    devbox
dev2.example.com    devbox

Content of /etc/postfix/devbox:

# Anchor the patterns so that only these exact recipients match
/^admin@example\.com$/    OK
/^devbox@example\.com$/   OK
/.*/                      REDIRECT devbox@example.com
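
An added example (not part of the answer above, and not Postfix code): a small Python model of the first-match lookup in /etc/postfix/devbox, showing which recipients a dev server could still reach when the two OK patterns are not anchored with ^ and $. The sample recipients and all function names are constructed for illustration.

```python
import re

# Constructed copies of the /etc/postfix/devbox table, with and without
# anchors. Assumption: this models only the first-match, case-insensitive
# lookup of a Postfix pcre table, nothing else in the SMTP session.
UNANCHORED = [
    (r"admin@example\.com", "OK"),
    (r"devbox@example\.com", "OK"),
    (r".*", "REDIRECT devbox@example.com"),
]
ANCHORED = [
    (r"^admin@example\.com$", "OK"),
    (r"^devbox@example\.com$", "OK"),
    (r".*", "REDIRECT devbox@example.com"),
]

# Constructed sample recipients (hypothetical addresses).
SAMPLES = ["admin@example.com", "customer@example.org",
           "sysadmin@example.com", "admin@example.com.example.net"]


def lookup(table, recipient):
    """Return the action of the first matching pattern, like a pcre table."""
    for pattern, action in table:
        if re.search(pattern, recipient, re.IGNORECASE):
            return action
    return "DUNNO"  # no match: Postfix moves on to the next restriction


def delivered_to(table, recipient):
    """Address the mail ends up at after the dev-server policy is applied."""
    action = lookup(table, recipient)
    if action.startswith("REDIRECT "):
        return action.split(None, 1)[1]
    return recipient  # OK or DUNNO: the recipient is left unchanged


def leaks(table):
    """Sample recipients that end up outside the two intended mailboxes."""
    allowed = {"admin@example.com", "devbox@example.com"}
    return [r for r in SAMPLES if delivered_to(table, r).lower() not in allowed]


if __name__ == "__main__":
    print("unanchored leaks:", leaks(UNANCHORED))
    print("anchored leaks:  ", leaks(ANCHORED))
```

On a host with Postfix installed, the same recipients can be checked against the real table with postmap -q.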

Solution 2:

I am no expert on this but I have been messing with Postfix myself recently and may be able to at least push you in the right direction.

With Postfix you can use aliases and map, say, one address or a bunch of addresses to another. What you will likely want is the recipient_canonical mapping:

http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical

Granted, using this method means you would have to put all possible addresses into the file to ensure emails to any address other than admin@example.com get sent to devbox@example.com, but with the mapping you can use regex.

https://superuser.com/questions/353488/regex-multiple-catch-all-setup-in-postfix

My suggestion would be to ask on Stack Overflow for a simple regex to check if the address is NOT equal to admin@example.com, then send to devbox@example.com. This would mean that all other addresses would pass this check and therefore go to devbox@example.com, whereas admin@example.com would fail and therefore simply be sent to the intended address.

Hopefully this may give you a nudge in the right direction; any questions you have I will answer to the best of my knowledge.