How to configure appliance for outbound only

[tentaclefi]

Hi,

I'd like to use EFA as mail gateway for our virtual machine clients. So it would be outbound only and there are
4 networks from where mail should be accepted for further delivery and nowhere else.

So mail would be accepted for delivery only from those 4 networks but for any domain, scanned and passed along to final destination if it's clean.

Can this be done with EFA and what should be taken into account when configuring?

Thanks!

[shawniverson]

Absolutely! I have several outbound only EFA instances.

I recommend using your firewall to limit inbound connections to the appliance.

You can set up EFA as if it were bidirectional as normal.

You may want to disable DNSBLs as they will not function on an outbound only relay and will make your EFA more responsive. You can find these in postfix, mailscanner, and spamassassin configs.

Make sure, even though it is an outbound only relay, that your public IP has a valid PTR record to your outbound relay. Typically your ISP can set this up for you.

Also, if your are using SPF and DKIM on your relay domain, you will want to set those up correctly to include your outbound relay so that remote servers trust you.

[tentaclefi]

Ok,

Sounds good.

So I don't have to know the sender domains?

There are lots of clients behind this outbound filtering appliance and they use their own domains to send email.

[shawniverson]

Yeah, you still need to configure your ip ranges for outbound relay.

EFA-Configure --> 8) Mail Settings --> 1) Outbound Mail Relay

And your transports for internal domains

EFA-Configure --> 8) Mail Settings --> 4) Transport Settings