View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Setup relay only for specific domain
Log in to Ask a Question

Setup relay only for specific domain

email

Hi,

I have two linodes, one for my personal use (domain1.com) the does web and email for me and a few friends, and one for an organization I help out (domain2.com). I've followed the postfix/dovecot/mysql tutorial (which was very good), my setup is exactly that on domain1.com but with a commercially-signed certificate. Domain2.com only receives email for domain2 (and forwards it to individual email addresses elsewhere), and only sends server-side email like forgotten password links from web-apps.

I would like avoid user-email on domain 2, which means that to send as domain2.com (with reverse DNS, SPF etc) I'd like to relay from domain1.com to domain2.com, but only when sending as me@domain2.com. Everything else should be sending as normal, with DNS lookup/routing etc.

I did a little diagram to help:

~~![](<URL url=)http://alastairc.ac/images/examples/email-relay.png" />

I'm struggling to work out what settings I need on each server, can anyone help, or provide keywords to assist my googling? "relay" isn't really working very well!

Also, if it's easier, it would be ok to use the username as the switch for whether to use domain2.com for SMTP, rather than sender address.~~

3 Replies

I think I've worked this out, in the mail.cf for postfix on domain1 add:

sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost_maps

The senderdependentrelayhost_maps file includes lines such as:

me@domain2.com     [domain2.com]:25

You then hash that file:

#postmap sender_dependent_relayhost_maps

And reload postfix.

Then on domain2.com's main.cf add the IP address of domain1.com to the mynetworks setting, e.g.

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 123.123.123.123

And reload postfix.

Does that seem right? It works, have I opened up any issues?

The concern that comes to mind is that because domain2.com trusts mail from domain1.com, whether someone can trick domain1.com into routing spam through domain2.com.

I'm not deeply familiar with this corner of Postfix but it looks like this shouldn't be a problem unless you have changed allowuntrustedrouting to yes. Old standards (and even older practice) allowed the sender to specify the route a message would take through multiple mailservers. This is now deprecated, but these things have a way of hanging on. It seems like the allowuntrustedrouting setting in Postfix will prevent this.

The allowuntrustedrouting defaults to no, and it doesn't feature in my main.cf.

I think the relevant bit for who can send is:

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

Thanks for thinking about it.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct