1

How can I configure postfix that it only accepts emails from specific domains?

I added entries to /etc/postfix/sender_access, e.g. "domain.xyz permit_auth_destination", did a postmap on the file and added the line 

"smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access"

to main.cf

The whole smtpd_recipient_restrictions looks like this:

smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    check_sender_access hash:/etc/postfix/sender_access

p.s.: I know that mail addresses can be easily faked, but that's not the point :)

Improve this question

1 Answer 1

Reset to default
1

In main.cf

smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_unknown_reverse_client_hostname,
  reject_unknown_client_hostname,
  check_client_access hash:/etc/postfix/whitelist,
  reject

In /etc/postfix/whitelist

my.whitelisted.tld OK

Change my.whitelisted.tld to domain you want to allow.

then run postmap /etc/postfix/whitelist and service postfix restart

Improve this answer
3
  • I kept permit_auth_destination in the access file, because - as far as I know - OK can make your server an open relay if the sender fakes a domain from the list. However, thanks :)
    – Steffen
    Commented Mar 3, 2017 at 8:13
  • 1
    @Steffen reject_unauth_destination should block such attempts in early rules, so it's Ok with OK :)
    – Alex
    Commented Mar 3, 2017 at 8:24
  • @Steffen BTW, it's better to use reject_unauth_pipelining in smtpd_data_restrictions = reject_unauth_pipelining
    – Alex
    Commented Mar 3, 2017 at 8:32

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .