I would like to add a virtual host/domain with several mailboxes on postfix where the users can only send mail to addresses with a specific domain hosted on the same postfix instance.

The scenario here is that I have a bunch of internal servers and applications, they all run under "appname.local.domain.tld". I would like to allow these applications to only send mail from [email protected] to mailboxes at [email protected]. Other destinations than *@domain.tld should not be allowed for mail originating from *@local.domain.tld. This is to prevent data leaks from a misconfigured application (or an application under attack) and to make sure that all mail from these systems stays within the organization.

Both mail for *@domain.tld and *.local.domain.tld are handled by the same postfix instance. Mail from *@domain.tld should obviously not be impacted by the restrictions defined above.

How can I configure postfix to achieve the scenario stated above?

1 Answer

As for limiting who can send to what, I believe this is what you are looking for:

In the general case you need two lookup tables: 
one table that lists destinations that need to be protected, 
and one table that lists domains that are allowed to send to the protected destinations.

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        ...
        check_recipient_access hash:/etc/postfix/protected_destinations
        ...the usual stuff...

    smtpd_restriction_classes = insiders_only
    insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

/etc/postfix/protected_destinations:
    [email protected]   insiders_only
    [email protected] insiders_only

/etc/postfix/insiders:
    my.domain       OK  matches my.domain and subdomains
    another.domain  OK  matches another.domain and subdomains

From http://www.postfix.org/RESTRICTION_CLASS_README.html
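
The tables in the answer protect destinations; the question's case is the mirror image (limiting where certain senders may deliver), which the same README handles by keying the class on the sender instead. An added sketch, not part of the original answer, using the question's domains; the class name `internal_only`, both table paths, and the rules after the sender check are assumptions.

```cfg
# --- /etc/postfix/main.cf ---
# Class name "internal_only" and both table paths are assumptions.
smtpd_restriction_classes = internal_only

# Members of the class may reach only recipients listed in
# allowed_recipients; the trailing "reject" refuses everything else.
internal_only =
    check_recipient_access hash:/etc/postfix/allowed_recipients,
    reject

# The sender check has to come before any rule that can return "permit"
# (permit_mynetworks, permit_sasl_authenticated), or internal clients are
# accepted before the class is ever evaluated. The rules after it are
# illustrative stand-ins for the existing list.
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/restricted_senders,
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/restricted_senders ---
# With the default parent_domain_matches_subdomains, this key also matches
# senders at appname.local.domain.tld. Senders at domain.tld are not
# matched, so they keep the normal rules.
local.domain.tld    internal_only

# --- /etc/postfix/allowed_recipients ---
# Also matches subdomains, so mail between the applications stays allowed.
domain.tld          OK
```

Run `postmap` on both tables and reload Postfix after editing. The envelope sender is chosen by the client, so this stops misconfigured applications; keying the same class on client address with `check_client_access` does not depend on what the application claims as its sender.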
