edoceo

Configuring Postfix as an Inbound Gateway for Exchange or other back-end

This configuration uses static configuration files to enable a Postfix gateway to accept, filter, queue and deliver messages to a back-end organizational mail server. This system is suitable to sit at the edge of the network to protect internal systems. It is recommended to create a designated Postfix instance for this role.

Features

  • Block Unwanted Traffic
  • Anti-Virus Scanning & Spam-Filtering
  • Reduce Load on Exchange or Back-end

Configuring Postfix

Configure main.cf with the following values.

inet_interfaces = 1.1.1.1
mydestination =
myorigin = domain.com
local_recipient_maps =
local_transport = error:no local delivery

parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps

# list of domains to relay mail for
relay_domains = domain1.com, domain2.com, domain3.com, domain4.com

# list of addresses/domains to accept mail for
relay_recipient_maps = cdb:/etc/postfix.gate/relay_recipient_maps

# Relay only for our own networks and for the relay domains above
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination

# Where to send mail for addresses/domains
transport_maps = cdb:/etc/postfix.gate/transport_maps

# 
# virtual_alias_maps = cdb:/etc/postfix/virtual

Creating Relay Maps

Create the following entries in the /etc/postfix.gate/relay_recipient_maps file. The file is simply a list of addresses or domain names; the lookup result is not used.

# mail for the first of the domains we accept for
info@domain1.com x
host@domain1.com x
root@domain1.com x
bill@domain1.com x

# Another Set of Users
info@domain2.com x
host@domain2.com x
root@domain2.com x
bill@domain2.com x

# Accept mail for anyone at domain3.com
@domain3.com x
    
# Accept All Mail Here
@domain4.com x

After editing, recreate the map with postmap -c /etc/postfix.gate cdb:/etc/postfix.gate/relay_recipient_maps

This list can be cumbersome to maintain. Postfix supports LDAP or SQL lookups here, but that configuration is beyond the scope of this document.

Creating Transport Maps

The transport map tells Postfix which transport and next hop to use for each recipient address or domain. See the section on table search order in man 5 transport.

# Mail to anyone at domain1.com is sent via SMTP to this host
domain1.com smtp:smtp.domain.com

# Also mail to *.domain1.com
.domain1.com smtp:[1.1.1.2]:25

# this user goes to a different host for delivery
root@domain1.com smtp:trap.domain.com:25

# Mail to anyone at domain2.com is sent via SMTP to this host
domain2.com smtp:[2.2.2.2]:25

# Mail to anyone at domain3.com is sent via SMTP to this host
domain3.com smtp:[3.3.3.3]:25

# Mail to anyone at domain4.com is sent via SMTP to this host
domain4.com smtp:[4.4.4.4]:25

# bounce these
example.com error:we do not mail to them
hotmail.com error:we do not mail to them
microsoft.com error:we do not mail to them

After editing, recreate the map with postmap -c /etc/postfix.gate cdb:/etc/postfix.gate/transport_maps
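
Because relay_domains, relay_recipient_maps and transport_maps are maintained by hand in three places, they drift apart easily. The following check is an added example, not part of the original configuration; the function names parse_table and lint are hypothetical and the sample tables are constructed with deliberate mistakes.

```python
"""Lint the gateway's lookup tables for mismatches (added example, constructed data)."""

# Constructed sample modelled on the tables above, with deliberate mistakes.
RELAY_DOMAINS = "domain1.com, domain2.com, domain3.com, domain4.com"
RELAY_RECIPIENTS = """\
info@domain1.com x
root@domain1.com x
info@domain2.com x
@domain3.com x
bill@domain5.com x
"""
TRANSPORT = """\
domain1.com smtp:smtp.domain.com
root@domain1.com smtp:trap.domain.com:25
domain2.com smtp:[2.2.2.2]:25
domain3.com smtp:[3.3.3.3]:25
domain3.com smtp:[4.4.4.4]:25
"""

def parse_table(text):
    """Yield (key, value) from postmap source text; continuation lines are not handled."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def lint(relay_domains, recipients_text, transport_text):
    """Return a list of (finding, key) tuples describing inconsistencies."""
    domains = {d.lower() for d in relay_domains.replace(",", " ").split()}
    findings, seen = [], set()
    for key, _ in parse_table(transport_text):
        if key in seen:  # postmap warns about duplicates; only one entry takes effect
            findings.append(("duplicate-transport-key", key))
        seen.add(key)
    for domain in sorted(domains - seen):
        # No explicit next hop: delivery falls back to a DNS lookup of the domain.
        findings.append(("no-transport", domain))
    for key, _ in parse_table(recipients_text):
        local, _, domain = key.rpartition("@")
        if domain not in domains:  # listed recipient can never be relayed
            findings.append(("recipient-outside-relay-domains", key))
        elif not local:  # @domain accepts unknown users; the back-end must bounce them
            findings.append(("accept-all-recipients", key))
    return findings

if __name__ == "__main__":
    for finding, key in lint(RELAY_DOMAINS, RELAY_RECIPIENTS, TRANSPORT):
        print(f"{finding}: {key}")
```

To check real files, pass the value of relay_domains from main.cf and the contents of the two map source files to lint().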
