Postfix on development server, allow mail to be sent to only one domain
transport(5) maps are used to redefine how email is routed by postfix.
Add the following line to /etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
Add the new file /etc/postfix/transport with this content:
.example.com :
example.com :
* discard:
Replace example.com with the domain your mailserver should still send mails to. If you don't care about sub-domains then remove the first line.
Don't forget to hash the file after editing it with postmap(1) and reload postfix so that the changes can take effect:
# postmap /etc/postfix/transport && postfix reload
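An added example (not part of the original answers): a simplified Python model of the transport(5) search order, run over the table above to show which constructed recipients are delivered and which fall through to the discard: catch-all. The function names are hypothetical, and the model assumes plain hash-style keys without address extensions.

```python
# Added example: simplified model of the transport(5) search order.
# Assumptions: hash-style exact keys only, no address extensions.

TRANSPORT_TABLE = """\
.example.com    :
example.com     :
*               discard:
"""  # table from the answer above


def parse_transport(text):
    """Parse 'pattern result' lines; skip blank lines and # comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"malformed transport entry: {line!r}")
        table[fields[0].lower()] = fields[1]
    return table


def lookup_keys(recipient):
    """Keys tried for one recipient: address, domain, .parent domains, then *."""
    recipient = recipient.lower()
    domain = recipient.rpartition("@")[2]
    keys = [recipient, domain]
    dot = domain.find(".")
    while dot != -1:
        keys.append(domain[dot:])
        dot = domain.find(".", dot + 1)
    return keys + ["*"]


def verdict(recipient, table):
    """Return (matched_key, 'deliver' or 'discard') for a recipient."""
    for key in lookup_keys(recipient):
        if key in table:
            transport = table[key].partition(":")[0]
            return key, "discard" if transport == "discard" else "deliver"
    return None, "deliver"  # no entry: default routing applies


if __name__ == "__main__":
    table = parse_transport(TRANSPORT_TABLE)
    # Constructed sample recipients, including look-alike domains.
    for rcpt in ("dev@example.com", "qa@mail.example.com",
                 "user@notexample.com", "user@example.com.invalid"):
        print(rcpt, *verdict(rcpt, table))
```

On a host with Postfix installed, postmap -q example.com hash:/etc/postfix/transport queries a single key in the real table; it does not walk the full search order modelled here.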
You can easily restrict the recipients with standard smtpd_recipient_restrictions or more precisely check_recipient_access.
Just create an access(5) table /etc/postfix/access with the following content (example.com being the domain you want to allow to send mail to):
You can also allow only some specific addresses:
Don't forget to hash the file after editing it with postmap(1):
# postmap /etc/postfix/access
Now put the following recipient restrictions in your main.cf:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, reject
and reload Postfix:
After that, test whether it works.
So if someone stumbles over this like I did: the answer is indeed header_checks and it works as such:
Add the following line to
header_checks = regexp:/etc/postfix/header_checks
Add the new file /etc/postfix/header_checks with this content:
/^To:.*@allowed-domain.com/ DUNNO
/^To:.*@/ REDIRECT [email protected]
Replace allowed-domain.com with the domain your mailserver should still send mails to. Replace [email protected] with the email address all other emails should be redirected to.
If you need to allow multiple domains, the first line should look like this:
Instead of redirecting you can simply drop all other mails. Replace the second line above with:
/^To:.*@/ DISCARD No outgoing mails allowed
- Postfix goes through the mail headers one-by-one.
- Each header line gets matched against the
- If it matches the first line (To: contains the allowed domain), it skips to the next header line and starts the header checks again from the top. Since no other line will match, this means the mail gets delivered.
- If it matches the second line (To: contains another external email address), it redirects the mail.
Have you tried header_checks(5)?