Configuring Postfix to block outgoing mail to all but one domain Rumi, September 6, 2019 This is so simple to do, but I have to look it up every time I need it (not something that comes up regularly!); When configuring a development server, you may find you have a need to ensure that emails will not be sent to any domain except those you explicitly permit (for example if you’re using real-world data to do some testing, do you want to send all those users irrelevant emails?). This documentation details how to configure Postfix on a Linux server to disregard any mail sent to domains that are not explicitly permitted. Don’t use IPTables You could, of course, add two IPTables rules to the outgoing chain. The first of which would allow connections on Port 25 to the domain you wish to allow, the second blocking connection to any server on Port 25. It’ll block the mail from being sent, but will mean that every one of those messages sits in the mail queue for 60 days until it’s disregarded. You could reconfigure the timeout, but given the ease of the steps below, what’s the point? Use Transport Mapping Using this method, we can tell Postfix to either reject the mail, or disregard it. The latter is generally the preferred method as we want the sending application to believe the mail has been sent. First we need to edit the postfix configuration file nano /etc/postfix/main.cf Now search for transport_maps (Ctrl-W, transport_maps -> Enter). You shouldn’t find anything (if you do, skip the next step, but make note of which file is listed) Add a line reading transport_maps = hash:/etc/postfix/transport Note: Depending on the version of Postfix you’re running, you could use texthash which would avoid needing to run postmap on the file. It’s up to the reader to work out which route they’d prefer, but if your postfix version is < 2.8 you can’t use texthash. Save and close (Ctrl-X, Y -> Enter) Now we need to update the transport maps (if you didn’t need to add a line, subsitute the relevant file path here) nano /etc/postfix/transport Now we need to add a line specifying which domain to allow sending to (I’m going to allow to bentasker.co.uk). To do so, insert the following lines bentasker.co.uk : * discard: This will simply discard messages to any email address not of the domain bentasker.co.uk. If you wanted to reject with an error you’d use (set the error text to suit your needs) bentasker.co.uk: * error: Only allowing one domain Note: Simply add additional domains on the line after bentasker.co.uk:, one line per domain. Save and close (Ctrl-X, Y -> Enter) Now we need to create a hash of the file (unless you used texthash in main.cf) postmap /etc/postfix/transport Finally, we need Postfix to reload it’s rules /etc/init.d/postfix reload Job done! You should now find that emails sent to domains not specified are silently discarded, whilst those for whitelisted domains go through as normal. Be sure to check that the change has worked though, mailq and the maillog are your friends! For non-whitelisted domains you should see the message being removed in the maillog but with no connection taking place before hand, and relay showing as none (there may be no sign of a connection, but if relay != none there’s a very good chance the mail was sent). Src:https://www.bentasker.co.uk/documentation/linux/161-configuring-postfix-to-block-outgoing-mail-to-all-but-one-domain Related Administrations Configurations (Linux) Postfix
zimbra admin password reset October 4, 2012 To reset the administrative password: su – zimbra zmprov sp <admin email address> <new password> To get a list of all administrators: su – zimbra zmprov gaaa To access the admin console: https://YOURHOST:7071 Remember that the administrative console (sometimes) requires a full email address as the login name, so you… Read More
Installing Let’s Encrypt on a Zimbra Server June 15, 2018June 15, 2018 Let’s Encrypt must be installed on one Linux machine to obtain the proper SSL Certificate, CA Intermediate, and Private Key. It is not required that it be on the same Zimbra Server, but it could save time and help to obtain the renewals, etc. First Step is to stop the… Read More
Install Redis on Ubuntu 18.04 & 16.04 LTS May 23, 2020 Step 1 – Prerequsities Log in to your system with sudo privilege account using shell access, to which you need to install Redis. ssh ubuntu@remote Update the apt-get packages index files and also update existing packages to the newest versions by using the following commands: sudo apt-get update sudo apt-get… Read More