On Fri, Jan 30, 2015 at 02:43:15AM +0000, srach wrote:
> I am working on making secure conditions on Postfix sending and receiving
> only relays.
>
> There are two Postfix servers in two locations.
>
> In the #1 location Postfix configuration is so that
>
> ?1.? Send any mail out to any server on the internet with SMTP like always
> ?2.? Relay some specifics mail to only the #2 location Postfix in to Port 25
Save yourself a lot of complexity and use a different port for this on the
destination system. You could use 587, for example. This automatically
bypasses postscreen.
> So when it passes to #2 server the mail with relay I want #2 server
>
> ?1. Know for sure that the relay mail comes from the #1 server.? A added
> header can be made fake so I look for a better way that is not possible to
> fake.
Restrict access to the non-default port via TLS client certs or SASL.
--
Viktor.
