This configuration uses static configuration files to enable a postfix gateway to accept, filter, queue and deliver messages to a back-end organizational mail server. This system is suitable to sit at the edge of the network to protect internal systems. It is recommended to create a designated postfix instance for this role.
Features
- Block Unwanted Traffic
- Anti-Virus Scanning & Spam-Filtering
- Reduce Load on Exchange or Back-end
Configuring Postfix
Configure main.cf with the following values.

    inet_interfaces = 1.1.1.1
    mydestination =
    myorigin = domain.com
    local_recipient_maps =
    local_transport = error:no local delivery
    parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
    # this file contains the list to relay for
    relay_domains = domain1.com, domain2.com, domain3.com, domain4.com
    # list of addresses/domains to accept mail for
    relay_recipient_maps = cdb:/etc/postfix/relay_recipient_maps
    # Seems OK
    smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
    # Where to send mail for addresses/domains
    transport_maps = cdb:/etc/postfix/transport_maps
    #
    # virtual_alias_maps = cdb:/etc/postfix/virtual

Creating Relay Maps
Create the following values in the /etc/postfix.gate/relay_recipient_maps file.
The file is simply a list of addresses or domain names; the lookup result is not used.

    # mail for the first of the domains we accept for
    info@domain1.com x
    host@domain1.com x
    root@domain1.com x
    bill@domain1.com x
    # Another Set of Users
    info@domain2.com x
    host@domain2.com x
    root@domain2.com x
    bill@domain2.com x
    # Accept mail for anyone at domain3.com
    @domain3.com x
    # Accept All Mail Here
    @domain4.com x

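After editing, recreate the map. The -c option takes the instance's configuration directory, and the cdb: prefix matches the map type used in main.cf:

    postmap -c /etc/postfix.gate cdb:/etc/postfix.gate/relay_recipient_maps
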
This list can be cumbersome to maintain. Postfix supports LDAP or SQL lookups here, but their configuration is beyond the scope of this document.
Creating Transport Maps
The transport map routes mail for each recipient lookup key to a transport and next hop; see the table search order section of man 5 transport.

    # Mail to anyone at domain1.com is sent via SMTP to this host
    domain1.com smtp:smtp.domain.com
    # Also mail to *.domain1.com
    .domain1.com smtp:[1.1.1.2]:25
    # this user goes to a different host for delivery
    root@domain1.com smtp:trap.domain.com:25
    # Mail to anyone at domain2.com is sent via SMTP to this host
    domain2.com smtp:[2.2.2.2]:25
    # Mail to anyone at domain3.com is sent via SMTP to this host
    domain3.com smtp:[3.3.3.3]:25
    # Mail to anyone at domain4.com is sent via SMTP to this host
    domain4.com smtp:[4.4.4.4]:25
    # bounce these
    example.com error:we do not mail to them
    hotmail.com error:we do not mail to them
    microsoft.com error:we do not mail to them

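After editing, recreate the map. The -c option takes the instance's configuration directory, and the cdb: prefix matches the map type used in main.cf:

    postmap -c /etc/postfix.gate cdb:/etc/postfix.gate/transport_maps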
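
A consistency check over relay_domains, relay_recipient_maps and transport_maps as described above, added here as an example that is not part of the original page. The function names are hypothetical and the sample tables are constructed; it flags duplicate keys, catch-all entries, recipients outside relay_domains, and relay domains with no recipient or transport entry.

```python
# Added example, not from the original page. Function names are hypothetical.
def parse_map(text):
    """Parse postmap source text into ({key: value}, [duplicate keys])."""
    entries, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key in entries:
            dups.append(key)  # postmap warns about duplicate keys
        else:
            entries[key] = parts[1] if len(parts) > 1 else ""
    return entries, dups

def domain_of(key):
    """'user@dom', '@dom' and '.dom' all reduce to 'dom'."""
    return key.rsplit("@", 1)[-1].lstrip(".")

def check_gateway(relay_domains, recipients_text, transport_text):
    rcpt, rcpt_dups = parse_map(recipients_text)
    trans, trans_dups = parse_map(transport_text)
    findings = [("duplicate-key", k) for k in rcpt_dups + trans_dups]
    for key in rcpt:
        if domain_of(key) not in relay_domains:
            findings.append(("recipient-outside-relay-domains", key))
        elif key.startswith("@"):
            # Catch-all: accepts mail for users the back end may not have.
            findings.append(("catch-all-accepts-unknown-users", key))
    listed = {domain_of(k) for k in rcpt}
    for dom in relay_domains:
        if dom not in listed:
            # Non-empty relay_recipient_maps rejects unlisted relay recipients.
            findings.append(("no-recipients-all-mail-rejected", dom))
        if dom not in trans:
            # No explicit next hop: delivery falls back to a DNS lookup.
            findings.append(("no-transport-route", dom))
    return findings

# Constructed sample input (not the page's tables).
RELAY_DOMAINS = ["domain1.com", "domain2.com", "domain3.com", "domain4.com"]
RECIPIENTS = ("info@domain1.com x\nroot@domain1.com x\n"
              "@domain3.com x\nbill@domain5.com x\n")
TRANSPORT = ("domain1.com smtp:[1.1.1.2]:25\ndomain3.com smtp:[3.3.3.3]:25\n"
             "domain3.com smtp:[4.4.4.4]:25\n")

if __name__ == "__main__":
    for kind, key in check_gateway(RELAY_DOMAINS, RECIPIENTS, TRANSPORT):
        print(f"{kind:34} {key}")
```

Run it against the map source files before each postmap rebuild.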