On Sun, Apr 19, 2015 at 10:05:40PM -0500, David Tilley wrote:
> I've been a happy Postfix admin since before Ralf finished his book, but
> now I have something I can't quite wrap my brain around. I have a small
> local Postfix installation that accepts mail *only* from locally logged
> in shell users (via sendmail(1) for example). It listens only on the
> loopback, no incoming network connections at all. All mail is then handed
> off to a relayhost.
>
> How can I restrict the destination addresses to a short whitelist of
> domains?
If you control the relayhost, do it there. Otherwise, set:
main.cf:
default_transport = error:5.7.1 Unauthorized destination domain
relay_transport = $default_transport
indexed = ${default_database_type}:${config_directory}/
transport_maps = ${indexed}transport
relayhost = [relay.example.com]
transport:
# Permitted outbound domains
example.net smtp
example.org smtp
...
# cd /etc/postfix; postmap transport
> What am I missing? Do I have to do the recipient filtering at the relayhost
> instead?
Complex logic belongs on relayhosts if possible, but the above will
work if local controls are preferred.
--
Viktor.
