Well, the organisation is only small (-ish) - call it SME-sized - so
there's only a single email-stack server (postfix, dovecot, clamav,
etc), a separate webserver (hosting both internally and
externally-facing websites, including roundcube hosting all the email
domains), a haproxy "gateway/bastion/dmz-host", and mariadb server (plus
an internal PKI-CA (Step-CA), internal and external DNS boxes, the usual
file-&-print, users' file-store, etc, etc, etc) - so no, there's no
separate "mail-hub" / "edge-mail-gateway" set-up - it's all the one box
with the haproxy box sitting in-front.
I suppose any internal email headers could be translated to a generic
"reply-to" email address in one of the external-facing domains - I'm
pretty sure management doesn't want any reference to internal mail
addresses going out to non-organisation-controlled domains - to be
honest, I don't think they thought things through that much; all they
want is to stop the internal emails going out of the email server.
I might be able to convince them to put in a mail-hub (most of the boxes
are VMs anyway; yay for Proxmox/Ceph): which doco (in particular) should
I be reading up on to design/implement this type of set-up? And does it
have to be a separate box, or just a 2nd instance of postfix on the
existing mail-stack server?
When I originally asked my Q I was thinking along the lines of a
"sending domain blacklist" to be checked somewhere in
smtpd_relay_restrictions, but I didn't say anything because I didn't
want to "pollute" people's mindsets if/when they replied...
And thanks very much for the help :-)
On 25/1/25 23:43, Viktor Dukhovni via Postfix-users wrote:
On Sat, Jan 25, 2025 at 11:27:13PM +1100, duluxoz via Postfix-users wrote:
So, the internal email domain is used by both servers sending in email
alerts/reports (to the sys-ops) and by users for internal organisation
communication. Those users that require external email access also have an
email account in an externally-facing domain, and usually use the
appropriate domain when sending email. Occasionally, an internal domain
email gets accidentally sent out on the Internet, and of course, replies to
that mis-sent email bounce. So we'd like to stop that from happening (hence
my Q).
Also occasionally, an internal email user sets up a forwarding to an
externally-facing domain (still within the organisation/lan - usually their
externally-facing organisation email), plus sometimes internal emails are
CC'd to organisation-specific externally facing domains. So while filtering
on submission sounds like it might be the way to go, we have to ensure that
emails to/from user_x@example.internal can still reach use...@example.com,
etc, but not user_z@somewhere_on_the_internet.com
OK, so submission is not the stage you want to control. What do you
want to do about the internal domain appearing in message headers:
"From:", "To:", "Cc:", "Reply-To:", ...
The access(5) primitives can reject messages where the envelope sender
is internal, but don't do anything to headers.
You can use "canonical_maps" to rewrite these to the public domain, if
there's a sensible correspondence between a given internal address and
some associated public address. When there isn't, things get more
complicated... Also how much of this policy can be moved to an internal
mailhub, to which mail flows first, before going to the edge gateway.
If you don't have an internal mailhub, I recommend having one; it
creates a useful point of control where some things are easier than
trying to do everything at the edge, which may also be dealing
with external inbound mail, and may have a different view of DNS, ...
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
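One concrete way to express the rule discussed above ("envelope senders in the internal domain may only reach organisation-controlled domains") with the access(5) restriction class and canonical(5) rewrite that Viktor mentions. This is an added example, not configuration from the thread or from the Postfix project; example.internal, example.com, the user_x address and the map file names under /etc/postfix are assumptions.

```ini
# --- /etc/postfix/main.cf (fragment) ---
# Restriction class that is evaluated only when the envelope sender is in
# the internal domain (see the internal_senders map below):
#   OK     -> recipient is an organisation domain, stop checking this list
#   reject -> anything else (the Internet), refused at RCPT TO
smtpd_restriction_classes = internal_sender_policy
internal_sender_policy =
    check_recipient_access hash:/etc/postfix/org_domains,
    reject

# Hook the class in through the envelope-sender lookup. Append this to
# whatever smtpd_sender_restrictions you already have; relay permission
# is still decided separately by smtpd_relay_restrictions.
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/internal_senders

# Where an internal address has a sensible public counterpart, rewrite
# both the envelope sender and the header From: (canonical(5)). Caveat:
# cleanup(8) applies this to ALL mail, internal-only traffic included,
# which is one reason to do this on a separate internal mailhub.
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = hash:/etc/postfix/sender_canonical

# --- /etc/postfix/internal_senders ---  (then: postmap /etc/postfix/internal_senders)
# key = sender domain (subdomains match too by default), value = class name
example.internal        internal_sender_policy

# --- /etc/postfix/org_domains ---       (then: postmap /etc/postfix/org_domains)
# recipient domains an internal sender may still reach
example.internal        OK
example.com             OK

# --- /etc/postfix/sender_canonical ---  (then: postmap /etc/postfix/sender_canonical)
# assumed one-to-one mapping; addresses without one are left alone
user_x@example.internal     user_x@example.com
```

The access check only sees the envelope sender, so a message whose header From: is internal but whose envelope sender is public still passes, exactly the gap Viktor describes. smtpd(8) restrictions also do not apply to mail injected with the local sendmail(1) command on the mail server itself, so alerts generated on that box need to be covered by the canonical rewrite or by the mailhub instead.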