I'm configuring a postfix server for the company I work for and have a question about limiting access by IP address.

First off, we're not using this for SPAM. We're a manufacturing/direct marketing company and will use the email server to contact our salespeople. We do not send UCE. That said, we have had problems in the past with our legitimate email being labeled as spam by a few carriers. This email server is being setup specifically to avoid future problems on that type.

Because of the nature of our business we operate several domains. We want to be able to limit outbound email for a given domain to a single IP Address. For example, say we have have 3 domains - a.com, b.com and c.com - and 3 IP addresses - 1.2.3.1, 1.2.3.2 and 1.2.3.3. We want to set things up so that a.com can only send out email on 1.2.3.1, b.com can only send out email on 1.2.3.2 and c.com can only send out email on 1.2.3.3.

My first impulse is to set these up as virtual domains on the Postfix server but I'm not sure that's the best method. Are there alternatives? What are your recommendations for doing this?

Any help will be appreciated.

Thanks,

John

Hi,

Have a look at the trasport table. You'll need something like the following:
Regards

Thanks for the reply. I've read through the man page you referenced. It appears as if the transport table allows me to specify a downstream destination for my email based on sending domain i.e. Postfix will send email from a.com to downstream email server 1.2.3.1, from b.com to 1.2.3.2, etc.

What I'm being asked to do is the mirror image of that. In our case, the application servers that generate the email will use a single Postfix server. Each application server can host several virtual domains. The Postfix server will have one NIC setup on it for each virtual domain. The Postfix server needs to accept email from a.com ONLY on the NIC with IP 1.2.3.1, accept email from b.com ONLY on NIC 1.2.3.2, etc. All the email will leave the Postfix server via a common outbound interface (X.X.X.X) to our upstream provider.

Something like this...
Locking it down still further, 1.2.3.1 must only accept email from a.com. Anything from any other domain MUST be rejected. The same for every other interface.

Will the transport table do this as well? Is this even possible?

Thanks,

John

Hi,

This is a matter of dns at a first place. If every domain has an MX record pointing to the specific IP, like
then mail for a specific domain will be delivered to postfix through that IP. Of course all those domains should exist in relay_domains.
From there it's postfix that has to either deliver the message, or forward it to x.x.x.x
I really don't know how this can be done per domain, as we are talking for one postfix installation serving multiple domains.
The transports table is used to route email for a specific domain through a specific mailserver (or an IP as in the example above).

Regards

Would running multiple instances of Postfix do what I need?

Theoretically it should do, but again you need a dns to give the MX RR for each domain and thus the postfix instance listening on that IP.

Let me rephrase my last question a bit. Assuming all required DNS records are properly setup, would running multiple instances of Postfix be a better solution for my needs?

Hi,

Given your 2 requirements:
Since you want both these features, I think that this is the only way. 3 different instances (meaning 3 different configurations), that each one accepts and sends mail from/to a specific domain.