Results 1 to 3 of 3

Thread: Need help with postfix

  1. #1
    Join Date
    Oct 2010
    Beans
    13

    Need help with postfix

    We already have postfix running for last 10 years. We need to do some restrictions on it.

    We have a domain abccompany.com. We need to setup email server where we need to restrict sending of emails within our two domain for most users. For example, everyone@abccompany.com can send to any@abccompany.com and any@xyzcompany.com, but not to any other domains like *@gmail.com, *@yahoo.com etc. But same time, a few email users should be able to send to any outside domains ( like gmail or any domain for that matter ). What approach should I take for this?


    If any one wants to send a mail to outside domain, they can prefix #personal# in the subject and it will wait for some approval from admins. Is this possible using postfix?

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Need help with postfix

    I don't know answers, but here's how I'd attempt it.

    1. Setup 2 different postfix VMs.
    2. A only for internal emails (no way to use it for any outbound email, ever) and
    3. B for general, anywhere, emails.

    Postfix is very light and easily runs in an lxd container which should be under 500MB each, so there isn't a need to allocate whole servers, just need an IP for each.

    http://www.postfix.org/transport.5.html
    http://www.postfix.org/SASL_README.html

    Sorry I'm not more help. We only use a tiny postfix server as an email gateway (in/out) to block 95% of the inbound spam that fail simple checks and prevent outbound that doesn't go through allowed, specific, internal email servers.

    I haven't any clue how to have "personal" emails sent external only using the same infra and would never even entertain that capability. It would be abused. Most people have phones and would use them for personal email needs. There are some other options, like having some separate ISP-connected PCs for personal use in a common area. Lock that down like a public library or primary school would. Perhaps running something like ChromiumOS, so they are secure, have excellent web browsers, and can't be abused by Windows software, while still having internet and webmail access for personal use during breaks. Lots of methods exist to solve these needs that don't require a complex postfix setup.

    As part of a full security architecture, there are many more details to prevent desktops from having any direct internet access.

  3. #3
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Need help with postfix

    I'd start by reading this at least twice: http://www.postfix.org/SMTPD_ACCESS_README.html

    In particular, you probably want to read up on smtpd_sender_restrictions and http://www.postfix.org/access.5.html.
    Last edited by SeijiSensei; July 27th, 2020 at 11:51 PM.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •