Multi-tenant EFA System
Posted: 12 Sep 2015 08:27
Hi guys,
i configured EFA appliance, and its serving 3 companies as a mail relay for outgoing and mail shield for incoming,
so all the traffic inbound and outbound from those companies goes through the EFA appliance.
to allow relay im adding the remote static IPs to "mynetworks" on postfix main.cf
and for the mail shield i added the remote domains to /etc/postfix/transport with the related fqdn of the final destination.
(of course i have security checks, custom ports and other stuff not for your concerns)
everything is working great and smooth,
i just try to understand if it's possible in postfix to bind the sender domain to the IP is relaying from,
let me explain,
remote mail server ip: 1.1.1.1
sent from domain: @abc.com
if remote mail server send an email it goes to the EFA, postfix check if the sending IP allow relay, and permit this IP to relay,
so far so good, but i want to tell postfix regardless of the allowing relay
to allow not just the remote IP but also the "MAIL FROM:" domain from the envelpoe.
the idea is, if it comes from server ip: 1.1.1.1 and from @abc.com it will be Allow,
if it comes from server ip: 1.1.1.1 but from @xyz.com it will be deny,
im trying to prevent spambot or open relay proxy if the remote site will get virus or any trojan.
Thank you in advance.
i configured EFA appliance, and its serving 3 companies as a mail relay for outgoing and mail shield for incoming,
so all the traffic inbound and outbound from those companies goes through the EFA appliance.
to allow relay im adding the remote static IPs to "mynetworks" on postfix main.cf
and for the mail shield i added the remote domains to /etc/postfix/transport with the related fqdn of the final destination.
(of course i have security checks, custom ports and other stuff not for your concerns)
everything is working great and smooth,
i just try to understand if it's possible in postfix to bind the sender domain to the IP is relaying from,
let me explain,
remote mail server ip: 1.1.1.1
sent from domain: @abc.com
if remote mail server send an email it goes to the EFA, postfix check if the sending IP allow relay, and permit this IP to relay,
so far so good, but i want to tell postfix regardless of the allowing relay
to allow not just the remote IP but also the "MAIL FROM:" domain from the envelpoe.
the idea is, if it comes from server ip: 1.1.1.1 and from @abc.com it will be Allow,
if it comes from server ip: 1.1.1.1 but from @xyz.com it will be deny,
im trying to prevent spambot or open relay proxy if the remote site will get virus or any trojan.
Thank you in advance.
