Deliver mail of a local subnet only to the virtual mailbox but prevent relay via relayhost

2021-03-01 Thread Jaap Gordijn


For my local mailserver with postfix/dovecot and virtual domains set up as
follows:

relayhost = aaa.bbb.ccc:25
virtual_mailbox_domains = xxx.yyy.zzz
virtual_transport = lmtp:unix:private/dovecot-lmtp

I would like to achieve the following:
- mail of all subnets in my LAN is relayed if necessary (so not for the
virtual domain). To accomplish this, I have listed all my subnets under
mynetworks. This works.
- restrict the delivery of a particular subnet, 192.168.80.0/24, only to the
virtual domain, so forbid further relay via the relayhost

How to accomplish this? I can not remove the 192.168.80.0/24 from mynetworks
because then the email is not delivered to the virtual domain too.

Thanks.

-- Jaap




Re: Deliver mail of a local subnet only to the virtual mailbox but prevent relay via relayhost

2021-03-01 Thread Bill Cole

On 1 Mar 2021, at 5:14, Jaap Gordijn wrote:

> For my local mailserver with postfix/dovecot and virtual domains set up as
> follows:
>
> relayhost = aaa.bbb.ccc:25
> virtual_mailbox_domains = xxx.yyy.zzz
> virtual_transport = lmtp:unix:private/dovecot-lmtp
>
> I would like to achieve the following
> - mail of all subnets in my LAN is relayed if necessary (so not for the
> virtual domain). To accomplish this, I have listed all my subnets under
> mynetworks. This works
> - restrict the delivery of a particular subnet, 192.168.80.0/24 only to the
> virtual domain so forbid further relay via the relayhost
>
> How to accomplish this? I can not remove the 192.168.80.0/24 from mynetworks
> because then the email is not delivered to the virtual domain too.


One approach would be to put a restriction to block that subnet into 
smtpd_relay_restrictions BEFORE permit_mynetworks. Another possibility 
would be to remove that subnet from mynetworks and use a restriction 
class to allow clients on that subnet to send mail to the virtual 
domain.


Saying which of those would be a better fit for your config would 
require you to provide more information, as described at 
http://www.postfix.org/DEBUG_README.html#mail



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: Deliver mail of a local subnet only to the virtual mailbox but prevent relay via relayhost

2021-03-01 Thread Viktor Dukhovni
On Mon, Mar 01, 2021 at 11:14:57AM +0100, Jaap Gordijn wrote:

> relayhost = aaa.bbb.ccc:25
> virtual_mailbox_domains = xxx.yyy.zzz
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> 
> I would like to achieve the following
> - mail of all subnets in my LAN is relayed if necessary (so not for the
> virtual domain). To accomplish this, I have listed all my subnets under
> mynetworks. This works
> - restrict the delivery of a particular subnet, 192.168.80.0/24 only to the
> virtual domain so forbid further relay via the relayhost
> 
> How to accomplish this? I can not remove the 192.168.80.0/24 from mynetworks
> because then the email is not delivered to the virtual domain too.

Postfix *by default* allows delivery to your domains from any source,
*without* listing that source in mynetworks.

    # This denies access to send outbound mail to remote domains
    # unless the client is in mynetworks.
    # It does not deny inbound mail to your own domains!
    #
    smtpd_relay_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        #
        # The default setting is a cautious "defer_unauth_destination",
        # but a production configuration should promptly change this to
        # the below:
        #
        reject_unauth_destination

If not listing a subnet in mynetworks blocks delivery to a domain
listed in any of:

- mydestination
- virtual_alias_domains
- virtual_mailbox_domains
- relay_domains

then you have a configuration error.

-- 
Viktor.
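
Added example, not part of any message in this thread: one way to write the first approach Bill Cole describes, a restriction for 192.168.80.0/24 placed before permit_mynetworks, with mynetworks left unchanged. The CIDR table path and file name are assumptions.

```conf
# ---- /etc/postfix/main.cf ----
# mynetworks is unchanged and still lists 192.168.80.0/24 with the
# other LAN subnets.
#
# Restrictions are evaluated left to right and the first decisive
# result wins, so the client table must come before permit_mynetworks.
# Because it also comes before permit_sasl_authenticated, clients on
# the restricted subnet cannot relay even when they authenticate.
#
smtpd_relay_restrictions =
    check_client_access cidr:/etc/postfix/local_only_clients.cidr,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination

# ---- /etc/postfix/local_only_clients.cidr (hypothetical file name) ----
# The right-hand side is an access(5) action; here it names a
# restriction to apply to clients in the matching network.
#
# reject_unauth_destination:
#   - recipient domain in mydestination, virtual_alias_domains,
#     virtual_mailbox_domains or relay_domains: no decision, so
#     evaluation continues and the mail is accepted for local delivery
#     (xxx.yyy.zzz via lmtp:unix:private/dovecot-lmtp)
#   - any other recipient domain: rejected at RCPT TO, so the message
#     never reaches the queue and is never handed to the relayhost
#
192.168.80.0/24    reject_unauth_destination
```

`postmap -q 192.168.80.10 cidr:/etc/postfix/local_only_clients.cidr` (the address is a constructed sample inside the subnet) should print the action, and `postfix reload` makes smtpd re-read the table after an edit.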