POSTFIX – Per Recipient Sender Restrictions

The following is taken from the official postfix documentation:

Protecting internal email distribution lists

We want to implement an internal email distribution list. Something like, which aliases to all employees. My first thought was to use the aliases map, but that would lead to “all” being accessible from the “outside”, and this is not desired… 🙂

Postfix can implement per-address access controls. What follows is based on the SMTP client IP address, and therefore is subject to IP spoofing.

    smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/access
        ...the usual stuff...

    all@my.domain   permit_mynetworks,reject
    all@my.hostname permit_mynetworks,reject

Specify dbm instead of hash if your system uses dbm files instead of db files. To find out what map types Postfix supports, use the command postconf -m.

Now, that would be sufficient when your machine receives all Internet mail directly from the Internet. That’s unlikely if your network is a bit larger than an office. For example, your backup MX hosts would “launder” the client IP address of mail from the outside so it would appear to come from a trusted machine.

In the general case you need two lookup tables: one table that lists destinations that need to be protected, and one table that lists domains that are allowed to send to the protected destinations.

What follows is based on the sender SMTP envelope address, and therefore is subject to SMTP sender spoofing.

    smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/protected_destinations
        ...the usual stuff...

    smtpd_restriction_classes = insiders_only
    insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

    all@my.domain   insiders_only
    all@my.hostname insiders_only

    my.domain       OK  matches my.domain and subdomains
    another.domain  OK  matches another.domain and subdomains

Getting past this scheme is relatively easy, because all one has to do is to spoof the SMTP sender address.

If the internal list is a low-volume one, perhaps it makes more sense to make it moderated.


To get this working you have to perform these additional steps.

1.You need to run postmap to create the database:

# postmap /etc/postfix/protected_destinations
# postmap /etc/postfix/insiders

2. Restart postfix :

# /etc/init.d/postfix restart



One comment

  1. hello…
    i need some help.

    i use postfix and i want to setting one of client email, i want that email can send mail, but cannot receive mail/reply.

    thank for your help…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s