Postfix on development server, allow mail to be sent to only one domain

transport(5) maps are used to redefine how email is routed by Postfix.

  • Add the following line to /etc/postfix/main.cf:

    transport_maps = hash:/etc/postfix/transport
    
  • Add the new file /etc/postfix/transport with this content:

    .example.com   :
    example.com    :
    *              discard:
    

Replace example.com with the domain your mailserver should still send mails to. If you don't care about sub-domains then remove the first line.

Don't forget to hash the file after editing it with postmap(1) and reload Postfix so that the changes can take effect:

# postmap /etc/postfix/transport && postfix reload

You can easily restrict the recipients with standard smtpd_recipient_restrictions or more precisely check_recipient_access.

Just create an access(5) table /etc/postfix/access with the following content (example.com being the domain you want to allow to send mail to):

example.com    OK

You can also allow only some specific addresses:

[email protected]    OK
[email protected]    OK

Don't forget to hash the file after editing it with postmap(1):

# postmap /etc/postfix/access

Now put the following recipient restrictions in your main.cf:

smtpd_recipient_restrictions = 
    check_recipient_access hash:/etc/postfix/access
    reject

and reload Postfix:

postfix reload

After that, test whether it works.


So if someone stumbles over this like I did: the answer is indeed header_checks and it works as such:

  • Add the following line to /etc/postfix/main.cf:

    header_checks = regexp:/etc/postfix/header_checks
    
  • Add the new file /etc/postfix/header_checks with this content:

    /^To:.*@allowed-domain.com/  DUNNO
    /^To:.*@/   REDIRECT [email protected]
    

Replace allowed-domain.com with the domain your mailserver should still send mails to. Replace [email protected] with the email address all other emails should be redirected to.

If you need to allow multiple domains, the first line should look like this:

/^To:.*@(allowed-domain.com|another-domain.com)/  DUNNO

Instead of redirecting you can simply drop all other mails. Replace the second line above with:

/^To:.*@/   DISCARD No outgoing mails allowed

Explanation:

  • Postfix goes through the mail headers one-by-one.
  • Each header line gets matched against the header_checks file line-by-line.
  • If it matches the first line (To: contains the allowed domain), it skips to the next header line and starts the header checks again from the top. Since no other line will match, this means the mail gets delivered.
  • If it matches the second line (To: contains another external email address), it redirects the mail.
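The header_checks rules above act on the text of the To: header, while the transport map from the first answer acts on envelope recipients. The following is an added example, not part of any answer: a simplified Python model of both tables that lists the recipients header_checks would still deliver to. Assumptions: Python's re stands in for Postfix regexp tables, the transport lookup is reduced to domain, parent domains, then *, and all sample messages are constructed.

```python
import re

# Rules from the header_checks answer (DISCARD variant). Postfix regexp tables
# are case-insensitive by default; Python's re stands in for them here.
HEADER_CHECKS = [
    (re.compile(r"^To:.*@allowed-domain.com", re.I), "DUNNO"),
    (re.compile(r"^To:.*@", re.I), "DISCARD"),
]
# Transport table from the first answer, with allowed-domain.com as the domain.
TRANSPORT = {".allowed-domain.com": ":", "allowed-domain.com": ":", "*": "discard:"}

def header_verdict(headers):
    """First matching rule wins per header line; DUNNO moves on to the next line."""
    for line in headers:
        for pattern, action in HEADER_CHECKS:
            if pattern.search(line):
                if action != "DUNNO":
                    return action
                break
    return "DELIVER"

def transport_verdict(rcpt):
    """Simplified transport(5) lookup: domain, then .parent domains, then *."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    labels = domain.split(".")
    keys = [domain] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((TRANSPORT[k] for k in keys + ["*"] if k in TRANSPORT), ":")

def delivered_despite_header_checks(headers, rcpts):
    """Recipients the transport map would discard but header_checks lets through."""
    if header_verdict(headers) != "DELIVER":
        return []
    return [r for r in rcpts if transport_verdict(r) == "discard:"]

# Constructed messages: (header lines, envelope recipients).
SAMPLES = {
    "single allowed": (["To: dev@allowed-domain.com"], ["dev@allowed-domain.com"]),
    "mixed To": (["To: dev@allowed-domain.com, c@other.example"],
                 ["dev@allowed-domain.com", "c@other.example"]),
    "external Cc": (["To: dev@allowed-domain.com", "Cc: c@other.example"],
                    ["dev@allowed-domain.com", "c@other.example"]),
    "lookalike": (["To: c@allowed-domain.com.other.example"],
                  ["c@allowed-domain.com.other.example"]),
    "external To": (["To: c@other.example"], ["c@other.example"]),
}

if __name__ == "__main__":
    for name, (headers, rcpts) in SAMPLES.items():
        print(f"{name:15} {header_verdict(headers):8} "
              f"{delivered_despite_header_checks(headers, rcpts)}")
```

On a development server the mixed To, external Cc and lookalike rows are the cases to test for: the To: pattern returns DUNNO, yet an external envelope recipient remains, which the transport map would have discarded.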

Have you tried header_checks(5)?