[lug] postfix stripped down config

karl horlen horlenkarl at yahoo.com
Sat Oct 18 16:21:57 MDT 2008


i'm confused by the postfix documentation and online searches.

i've got a web server on a private ip address that sits behind a firewall. the firewall hosts the public ip address for the private web server and forwards public traffic to it.

on the private web server, i want a barebones postfix that will

1) enable complete localhost email delivery.  allow accounts and subsystem to mail to each other.  i guess that's what you'd call local mail delivery.  system / apache error messages need to go to the appropriate local admin accounts.  custom scripts also generate nightly email reports.  I think this means I only want mail / my mta enabled on interface localhost.

2) i want to disable all EXTERNAL INbound relay attempts.  No INbound mail of any kind on network reachable (non localhost) interfaces should be allowed.  Only INbound on the localhost interface as described in #1 should be allowed.

3) i DO want to alias one of the LOCAL system accounts that are receiving apache mail errors to an external email account so I can receive error reports via a third party account.  this is easy enough to do.

4) #3 means i need to allow OUTbound mail in my postfix config that originates locally.  i'm not sure what config param allows this.

5) #3 implies that i'm going to need a SmartHost (postfix param relayhost) that proxies as the MTA on my behalf.  i've got a valid relayhost to use.

that seems simple enough to me.  however, the postfix doc seems to imply that enabling a relayhost means that mail that is completely local will be delivered to the relayhost.  for example, if a mail gets sent by a local process to root (with no domain affixed), postfix will try to deliver to root at relayhost instead of vanilla root or root at localhost.  

if that's right (and i'm not sure i'm reading that correctly), i do NOT want local mail delivered to my relayhost just because i enable a relayhost.  that's idiotic :-).  

so how do i configure postfix so that all local mail is still handled by local postfix mta leaving only the external aliased mail to go to the relayhost?

regardless of if it's right or not.  since this is a pretty basic config, if someone wouldn't mind sharing the probably less than 10 config lines needed to lockdown postfix to allow local delivery while serving external domain aliases by a relay host, i'd be grateful.  
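
A minimal main.cf sketch for the setup asked about above, added here as an example and not part of the original post. Postfix uses relayhost only for recipients whose domain is not listed in mydestination, so mail to an unqualified local recipient such as root stays on the local delivery path. The relay hostname, the local account name `webadmin` and the external address are placeholders.

```ini
# /etc/postfix/main.cf (added example; hostnames below are placeholders)

# Listen for SMTP on the loopback interface only, so nothing can arrive
# through the firewall-facing network interface.
inet_interfaces = loopback-only

# Trust only this host as an SMTP client.
mynetworks = 127.0.0.0/8 [::1]/128

# Domains delivered locally. Unqualified recipients such as "root" get
# @$myorigin appended (default: $myhostname), which is listed here.
mydestination = $myhostname, localhost.$mydomain, localhost

# Refuse to relay for any client outside mynetworks.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

# Smarthost for non-local recipients only. The square brackets
# suppress the MX lookup on the relay's name.
relayhost = [relay.example.net]

# /etc/aliases (run "newaliases" after editing). "webadmin" is a
# hypothetical local account; it keeps a local copy via root and
# forwards a second copy to the external address through relayhost:
#   webadmin: root, admin@example.org
```

A change to inet_interfaces takes effect only after Postfix is stopped and started; `postconf -n` then lists the non-default settings in use.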



