Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm configuring a postfix server for the company I work for and have a question about limiting access by IP address.
First off, we're not using this for SPAM. We're a manufacturing/direct marketing company and will use the email server to contact our salespeople. We do not send UCE. That said, we have had problems in the past with our legitimate email being labeled as spam by a few carriers. This email server is being setup specifically to avoid future problems on that type.
Because of the nature of our business we operate several domains. We want to be able to limit outbound email for a given domain to a single IP Address. For example, say we have have 3 domains - a.com, b.com and c.com - and 3 IP addresses - 1.2.3.1, 1.2.3.2 and 1.2.3.3. We want to set things up so that a.com can only send out email on 1.2.3.1, b.com can only send out email on 1.2.3.2 and c.com can only send out email on 1.2.3.3.
My first impulse is to set these up as virtual domains on the Postfix server but I'm not sure that's the best method. Are there alternatives? What are your recommendations for doing this?
Thanks for the reply. I've read through the man page you referenced. It appears as if the transport table allows me to specify a downstream destination for my email based on sending domain i.e. Postfix will send email from a.com to downstream email server 1.2.3.1, from b.com to 1.2.3.2, etc.
What I'm being asked to do is the mirror image of that. In our case, the application servers that generate the email will use a single Postfix server. Each application server can host several virtual domains. The Postfix server will have one NIC setup on it for each virtual domain. The Postfix server needs to accept email from a.com ONLY on the NIC with IP 1.2.3.1, accept email from b.com ONLY on NIC 1.2.3.2, etc. All the email will leave the Postfix server via a common outbound interface (X.X.X.X) to our upstream provider.
Locking it down still further, 1.2.3.1 must only accept email from a.com. Anything from any other domain MUST be rejected. The same for every other interface.
Will the transport table do this as well? Is this even possible?
Thanks,
John
Last edited by jcoxen; 10-27-2010 at 08:38 AM.
Reason: [Code] tags around ASCII drawing
This is a matter of dns at a first place. If every domain has an MX record pointing to the specific IP, like
Code:
a.com MX mail.a.com.
mail.a.com. A 1.2.3.1
then mail for a specific domain will be delivered to postfix through that IP. Of course all those domains should exist in relay_domains.
From there it's postfix that has to either deliver the message, or forward it to x.x.x.x
Quote:
Locking it down still further, 1.2.3.1 must only accept email from a.com. Anything from any other domain MUST be rejected. The same for every other interface.
Will the transport table do this as well? Is this even possible?
I really don't know how this can be done per domain, as we are talking for one postfix installation serving multiple domains.
The transports table is used to route email for a specific domain through a specific mailserver (or an IP as in the example above).
Let me rephrase my last question a bit. Assuming all required DNS records are properly setup, would running multiple instances of Postfix be a better solution for my needs?
We want to be able to limit outbound email for a given domain to a single IP Address. For example, say we have have 3 domains - a.com, b.com and c.com - and 3 IP addresses - 1.2.3.1, 1.2.3.2 and 1.2.3.3. We want to set things up so that a.com can only send out email on 1.2.3.1, b.com can only send out email on 1.2.3.2 and c.com can only send out email on 1.2.3.3.
Locking it down still further, 1.2.3.1 must only accept email from a.com. Anything from any other domain MUST be rejected. The same for every other interface.
Since you want both these features, I think that this is the only way. 3 different instances (meaning 3 different configurations), that each one accepts and sends mail from/to a specific domain.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.