Postfix – Only Allow Whitelisted Recipient Domains

We have a test environment with real user data, and during testing, the servers may send emails to these real users. But we definitely don’t want our users to receive those test emails, since they’ll be totally confused and get a bad feeling about our service. Yet we want the emails sent to our company’s domain to be delivered successfully, so we can test with our work email address.

One solution is update the database and change all user emails to dummy ones. However this requires one more step each time the development database is refreshed with real data.

The solution I used is to setup a Postfix SMTP server which only allows several whitelisted domains. The configuration is quite simple.

  1. Add this into main.cf:
    smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_domains, reject
  2. /etc/postfix/recipient_domains is the whitelist file:
    mycompany.com OK
    anotherdomain.com OK
  3. Generate hash file: postmap /etc/postfix/recipient_domains
  4. Restart postfix service

Now try sending an email to a domain not in the whitelist, like mail -s "Test email" someone@gmail.com. Look into /var/log/maillog and you will find something like that:

NOQUEUE: reject: RCPT from …: 554 5.7.1 <someone@gmail.com>: Recipient address rejected: Access denied;…

Then on all development servers, configure to use this postfix server as SMTP relay server. This is simple even with sendmail – the “SMART_HOST” option.

5 Responses to “Postfix – Only Allow Whitelisted Recipient Domains”

  1. karan Says:

    Hi ,

    I have done the similar changes as mentioned by you in your post but its not blocking mail for gmail.com[not included in white list].

    So please suggest is there any other changes required for getting this aborted.

    Thanks,
    Karan

  2. karan Says:

    Hi ,

    I have done the similar changes as mentioned by you in your post but its not blocking mail for gmail.com[not included in white list].

    So please suggest is there any other changes required for getting mails blocked for gmail.com.

    Thanks,
    Karan

  3. karan Says:

    Hi ,

    I got the Answer,For getting this achieved we can use “transport mapping”

    Step 1.Open /etc/postfix/main.cf & enter below line at end

    transport_maps = hash:/etc/postfix/transport

    Step 2:Open /etc/postfix/transport & need to insert line specifying which domain should be allowed as below:

    test.com :
    * discard:

    Step 3:Now need to create a hash of the file
    postmap /etc/postfix/transport

    Step 4:Finally reload or restart postfix and you are done.

  4. Carl Says:

    This worked for me, however I had to follow Karan’s tip as well. Thanks for the info!

  5. Bubelbub Says:

    Postfix ignores the whitelist at current version.
    I follow you howto step by step.

Leave a Reply

Please copy the string kUngWS to the field below:


nine − = 2