I need to implement a relay on a test network that will discard all mail destined for corporate email addresses _except_ the corporate email addresses that are explicitly allowed. The reason is that my test network is subject to quotas, and I have to throttle the traffic through the corporate email servers to keep testing going. Stan has been graciously helping me offline to try implementing a whitelist/blacklist system, but we're still running into problems with the configuration - most likely because I'm unable to adequately articulate my needs. Essentially what I'm after is:
1. Relay mail from _specific_ test network application hosts to _specific_ corporate email addresses (whitelist)
2. Relay mail from _one specific_ test network host to _any corporate email address_ (whitelist)
3. "DISCARD" (rather than reject) all other mail traffic that hits my relay (blacklist)

I may have to implement the second condition for other hosts down the road. Excluding paths, main.cf looks like this:

    inet_protocols = all
    biff = no
    myhostname = pointshooter
    delay_warning_time = 1h
    message_strip_characters = \0
    inet_interfaces = all
    mydestination =
    mydomain = apptest.wellsfargo.com
    defer_transports =
    mynetworks_style = subnet
    disable_dns_lookups = no
    relayhost = testmail
    content_filter =
    mailbox_command =
    mailbox_transport =
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        check_client_access hash:/etc/postfix/whitelist_access
        check_sender_access hash:/etc/postfix/whitelist_access
        check_recipient_access hash:/etc/postfix/whitelist_access
        check_client_access hash:/etc/postfix/blacklist_access
        check_sender_access hash:/etc/postfix/blacklist_access
        check_recipient_access hash:/etc/postfix/blacklist_access
    smtpd_helo_required = yes
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = yes
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = no
    smtpd_use_tls = no
    smtp_use_tls = no
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 0

The problem I'm having is with reject_unauth_destination. If I specify the corporate domain name in relay.db, any email address with that domain name relays, which is exactly the opposite of what I want. _Without_ the corporate domain name in relay.db, everything is rejected before whitelist/blacklist are checked.

I want to relay only the "from hosts"/"to email addresses" specified in the whitelist, and DISCARD everything else. Is this possible?
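Added example, not part of the original post and not Postfix code: a simplified Python model of first-match restriction evaluation. It shows why the posted order stops at reject_unauth_destination before any access map is read, and what a whitelist-first order would decide. The host addresses, recipient addresses, and the names `whitelist`, `discard_rest` and `WHITELIST_FIRST` are constructed for illustration.

```python
# Simplified model (not Postfix source) of restriction-list evaluation: entries
# run in order, the first result other than DUNNO decides, and a list that
# runs out permits the recipient.
OK, REJECT, DISCARD, DUNNO = "OK", "REJECT", "DISCARD", "DUNNO"

# Constructed sample values; none of them come from the post.
CORP = "corp.example"
ANY_CORP_HOSTS = {"192.0.2.10"}            # may mail any corporate address
LISTED_HOSTS = {"192.0.2.21"}              # may mail listed addresses only
ALLOWED_RCPTS = {"qa-inbox@corp.example"}
MYNETWORKS = set()                         # assumed: clients are not in mynetworks

def domain(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower()

def permit_mynetworks(client, rcpt, relay_domains):
    return OK if client in MYNETWORKS else DUNNO

def reject_unauth_destination(client, rcpt, relay_domains):
    return DUNNO if domain(rcpt) in relay_domains else REJECT

def whitelist(client, rcpt, relay_domains):
    # The policy the post asks for: host AND recipient must both qualify.
    if client in ANY_CORP_HOSTS and domain(rcpt) == CORP:
        return OK
    if client in LISTED_HOSTS and rcpt.lower() in ALLOWED_RCPTS:
        return OK
    return DUNNO

def discard_rest(client, rcpt, relay_domains):
    return DISCARD                         # catch-all, like an always-matching map

# Order as posted (blacklist maps left out: their contents are not on the page).
POSTED = [permit_mynetworks, reject_unauth_destination, whitelist]
# Hypothetical reordering: the whitelist decides first, the rest is discarded.
WHITELIST_FIRST = [whitelist, discard_rest]

def evaluate(restrictions, client, rcpt, relay_domains=frozenset()):
    """Return (decision, name of the entry that decided)."""
    for check in restrictions:
        result = check(client, rcpt, relay_domains)
        if result != DUNNO:
            return result, check.__name__
    return OK, "end of list"

if __name__ == "__main__":
    for rcpt in ("qa-inbox@corp.example", "ceo@corp.example"):
        print(rcpt, evaluate(POSTED, "192.0.2.21", rcpt),
              evaluate(POSTED, "192.0.2.21", rcpt, {CORP}),
              evaluate(WHITELIST_FIRST, "192.0.2.21", rcpt))
```

In Postfix itself, a test that combines client host and recipient needs something like a restriction class selected by the client lookup, since a single access map matches on one attribute only. The DISCARD action in access(5) also applies to the whole message rather than to one recipient.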