Restricting domains mail can be sent to


Brian Mathis-2
On our development network, one of our requirements is to prevent all
mail from going out except to specific domains.  Can anyone point me
in the direction of how to do something like this?  I see a lot of
restrictions, but a lot of those have to do with spam blocking.

The basic example would be: only allow email going to domains:
abc.com, def.com, xyx.com, and discard all other mail.

Thanks

Re: Restricting domains mail can be sent to

Noel Jones-2
Brian Mathis wrote:
> On our development network, one of our requirements is to prevent all
> mail from going out except to specific domains.  Can anyone point me
> in the direction of how to do something like this?  I see a lot of
> restrictions, but a lot of those have to do with spam blocking.
>
> The basic example would be: only allow email going to domains:
> abc.com, def.com, xyx.com, and discard all other mail.
>
> Thanks

You can do this with a transport_maps table.
http://www.postfix.org/transport.5.html

main.cf:
transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
abc.com  smtp
def.com  smtp
xyx.com  smtp
*        discard


--
Noel Jones
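
An added example, not part of the original post or of Postfix itself: a simplified Python model of the transport(5) lookup order, run against the table above, to check which recipients would be delivered and which would fall through to `*` and be discarded. It assumes transport_maps is not listed in parent_domain_matches_subdomains (the default), so `abc.com` does not cover `mail.abc.com`; address extensions are ignored and the recipient addresses are constructed.

```python
# Added example: simplified model of the transport(5) lookup order.
# Table contents come from the post above; recipients are constructed.

TRANSPORT_TABLE = """\
abc.com  smtp
def.com  smtp
xyx.com  smtp
*        discard
"""

def parse_table(text):
    """Parse 'pattern result' lines, skipping blanks and # comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        table[pattern.lower()] = result.strip()
    return table

def candidate_keys(recipient):
    """Yield lookup keys in the order transport(5) tries them."""
    recipient = recipient.lower()
    domain = recipient.rsplit("@", 1)[-1]
    yield recipient                       # user@domain
    yield domain                          # domain
    labels = domain.split(".")
    for i in range(1, len(labels)):       # .parent.domain, then .tld
        yield "." + ".".join(labels[i:])
    yield "*"                             # wildcard, tried last

def resolve(table, recipient):
    """Return (matched_key, transport), or (None, None) if nothing matches."""
    for key in candidate_keys(recipient):
        if key in table:
            return key, table[key]
    return None, None

def audit(table, recipients):
    """Map each recipient to the transport the table selects for it."""
    return {r: resolve(table, r)[1] for r in recipients}

if __name__ == "__main__":
    table = parse_table(TRANSPORT_TABLE)
    for rcpt in ["dev@abc.com", "dev@mail.abc.com", "ops@other.example"]:
        print(rcpt, "->", resolve(table, rcpt))
```

On a live system, `postmap -q abc.com hash:/etc/postfix/transport` queries the real table for a single key.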

Re: Restricting domains mail can be sent to

mouss-2
In reply to this post by Brian Mathis-2
Brian Mathis wrote:
> On our development network, one of our requirements is to prevent all
> mail from going out except to specific domains.  Can anyone point me
> in the direction of how to do something like this?  I see a lot of
> restrictions, but a lot of those have to do with spam blocking.
>
> The basic example would be: only allow email going to domains:
> abc.com, def.com, xyx.com, and discard all other mail.


smtpd_sender_restrictions =
        check_recipient_access hash:/etc/postfix/rcpt_acl
        reject

== rcpt_acl:
abc.example OK
def.example OK
...


Re: Restricting domains mail can be sent to

Noel Jones-2
mouss wrote:

> Brian Mathis wrote:
>> On our development network, one of our requirements is to prevent all
>> mail from going out except to specific domains.  Can anyone point me
>> in the direction of how to do something like this?  I see a lot of
>> restrictions, but a lot of those have to do with spam blocking.
>>
>> The basic example would be: only allow email going to domains:
>> abc.com, def.com, xyx.com, and discard all other mail.
>
>
> smtpd_sender_restrictions =
>     check_recipient_access hash:/etc/postfix/rcpt_acl
>     reject
>
> == rcpt_acl:
> abc.example    OK
> def.example    OK
> ...
>

... of course this only works for mail submitted via SMTP, and
will 550 reject mail rather than the OP's request to discard.

Changing the "reject" above to "static:DISCARD" would fix this
for SMTP mail, but only the transport_maps example posted
earlier will work for mail submitted via sendmail(1).

Since the OP indicated this is a test environment, I assume he
wants postfix to accept all mail, but only deliver the
specified domains.

At any rate, all these examples should give him the options
needed for his project.

--
Noel Jones

Re: Restricting domains mail can be sent to

Brian Mathis-2
On Tue, Jul 22, 2008 at 3:43 PM, Noel Jones <[hidden email]> wrote:

> ... of course this only works for mail submitted via SMTP, and will 550
> reject mail rather than the OP's request to discard.
>
> Changing the "reject" above to "static:DISCARD" would fix this for SMTP
> mail, but only the transport_maps example posted earlier will work for mail
> submitted via sendmail(1).
>
> Since the OP indicated this is a test environment, I assume he wants postfix
> to accept all mail, but only deliver the specified domains.
>
> At any rate, all these examples should give him the options needed for his
> project.
>
> --
> Noel Jones

Yes, both good options, thanks for the input.  I definitely would want
to stop all mail, and on these kinds of servers almost all of it is
coming from local processes, not submitted via SMTP.  Some sort of
logging might be nice to be able to analyze when stuff gets dropped,
but I wouldn't want bounces.  Something else to look into for me.

Thanks to both of you, this is a big help.