21 March 2012
Sometimes we’ll have a client who sends tens of thousands of emails a day from their production systems. And that client insists on copying over their production database to their development server, unmodified each night.
They probably won’t want to send test emails to their real customers, and they’ll probably blame us if this happens. So, what can we do?
Postfix gives us a couple of ways for limiting the destinations it’ll allow emails to be sent to. I like to implement both, just to be sure.
We want to make sure any email received via SMTP will be
restricted to a limited set of domains. We can do this by adding
smtpd_recipient_restrictions. In our
main.cf add or modify
said directive like this:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_domains, reject
Next we create our
recipient_domains database so it looks a little bit
developers.s-n.me OK testers.s-n.me OK
Now we just need to rebuild the hash table (which we will need to do whenever we change the above list) and reload Postfix:
postmap /etc/postfix/recipient_domains postfix reload
Restricting pickup (local)
If the emails we’re carefully trying to filter are being generated by PHP
or any other system that delivers directly into Postfix via the
command, then the SMTP restrictions above won’t have any effect. In this
case, we can specify per-address/domain transports for Postfix to use.
We start by telling Postfix that we want to setup some
transport_maps = hash:/etc/postfix/transport
Now we create our transport map to determine what will happen to email passing through our system:
developers.s-n.me smtp: testers.s-n.me smtp: server.s-n.me local: * error:
The important line is directing the wildcard
error:. Note that
if we still want email to be delivered to mailboxes on the server itself
we need to use the transport
local: for the server’s FQDN.
Finally, we need to rebuild the hash table and reload Postfix:
postmap /etc/postfix/transport postfix reload
And now our server will only allow emails to the domains we’ve specified and our client will have one less thing to blame us for when they press the wrong button on their development machine.