I am working on making secure conditions on Postfix sending and receiving only relays.
There are two Postfix servers in two locations. In the #1 location Postfix configuration is so that 1. Send any mail out to any server on the internet with SMTP like always 2. Relay some specifics mail to only the #2 location Postfix in to Port 25 #1 Postfix instance is doing all the Postscreen & BeforeQueue filters. So when it passes to #2 server the mail with relay I want #2 server 1. Know for sure that the relay mail comes from the #1 server. A added header can be made fake so I look for a better way that is not possible to fake. 2. If from (1.) it is known for sure to be good relay from the #1 server then the #2 server must NOT do the normal scanning with Postscreen & more filter. 3. Still receive normal mail from the internet to Port 25 too. Only in this case then do not bypass and do the normal scanning. In the documents Relay control, junk mail control, and per-user policies http://www.postfix.org/SMTPD_ACCESS_README.html#relay There is much discussions on the restrictions to do. Only I am concerned of the "Dangerous use" I read and the faking I said above. What is the good method for sure identity detection like above and then disable the scanning only in that case? *S*
