8

So a few times now I've been caught out by clients receiving mail sent from the development server because I didn't sanitize the db. So, as an extra safe option, I'd like to ensure that all mail sent from my dev machine is either rejected based on domain or forwarded to myself.

I found a few questions that do a little of what I require;

Postfix on development server, allow mail to be sent to only one domain - This looks good and is what I have implemented so far, but the comment on the first answer is correct. Mail sent through Sendmail does not seem to use this setting.

postfix: catch outgoing mail and redirect - This looked ok, but updating the transport did not do squat for me.

I also looked at address rewriting http://www.postfix.org/ADDRESS_REWRITING_README.html and read this blog post http://rene.bz/redirect-all-outgoing-email-single-account-postfix/

I am testing this by calling sendmail on the command line with the -t param like so;

sendmail -t < mail

where the contents of 'mail' are

Date: Tue Oct 11 11:25:22 2011 
To: c@example.com 
Subject: test 
From: whatever@somewhere.com
test

I have been changing the address to be my gmail address and the example.com address. I'm wanting all mail to go to another (work) domain.

So far, I have seen no restrictions come into effect.

/etc/postfix/transport looks like this;

example.com :
.example.com :
* :discard

I have added these lines to main.cf

smtpd_recipient_restrictions = hash:/etc/postfix/my_access, reject
transport_maps = hash:/etc/postfix/transport

Please also note I am using the Postfix bundled with MAMP and have been editing main.cf through MAMP - File > Edit Template > main.cf

Christian
  • A lot of these are great ideas, but they all seem to miss the one dev machine that wasn't configured properly and just started sending mail. It is usually a good idea to take care of this by either firewalling or transparently proxying all outbound port 25 traffic on the developer networks. – polynomial Oct 11 '11 at 01:49
  • I agree, but for anybody who installs MAMP, sets up a vhost and starts working on an existing site that uses a false cron (like in my scenario) the problem can occur before they are aware of it. In my case, I'd still like to be able to accept mail to my email address which, if I'm not mistaken, firewalling or proxying would stop? – Christian Oct 11 '11 at 02:49
  • Did you try virtual domains? If the test domains are in a countable amount, it can work – Lazy Badger Oct 11 '11 at 04:39
  • Did I understand you correctly by summarizing: You want all outgoing mails to be blocked/redirected unless they would go to `example.com`? – mailq Oct 11 '11 at 07:28
  • Just set up a DNS server that replies to all MX requests with your server IP. – NickW Nov 15 '13 at 16:09
  • @polynomial You can configure your firewall to transparent proxy all port 25 traffic from your developer network to a postfix box configured to deliver all mail to a single mailbox as described here: [link](http://unix.stackexchange.com/questions/85932/how-can-i-redirect-outbound-traffic-to-port-80-using-iptables-locally). For a localhost system, I used: `iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 127.0.0.1:25`. You may need to adjust mynetworks in main.cf to add netblocks to avoid relay denied errors. – KIsmay Feb 11 '17 at 15:54

3 Answers

9

You should install pcre and create a virtual alias file:

apt-get install postfix-pcre

In main.cf:

virtual_alias_maps = pcre:/etc/postfix/virtual

In /etc/postfix/virtual:

/.*@.*/  $user

Replace $user with the user account of your catchall mailbox. Now every single mail sent from that server will be caught in the catchall mailbox.

Alex R
user196611
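A way to check a catch-all table like the one in the answer above before relying on it, written as an added example that is not part of the original answer. It assumes a hypothetical local user `devcatch` and adds an identity rule so that example.com mail passes through, which is the question's goal rather than something the answer shows. Python's `re` stands in for PCRE, and only a single lookup pass is modelled.

```python
import re

# Constructed table; "devcatch" and the example.com pass-through are assumptions.
TABLE = r"""
# identity mapping: mail for the work domain is left untouched
/^(.+@(.+\.)?example\.com)$/   $1
/.*@.*/                        devcatch
"""

def parse_table(text):
    """Return [(compiled_regex, result)] in file order, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([a-zA-Z]*)\s+(.+)$", line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        pattern, flags, result = m.groups()
        # pcre tables are case-insensitive by default; the "i" flag toggles that.
        rules.append((re.compile(pattern, 0 if "i" in flags else re.I), result))
    return rules

def lookup(rules, address):
    """First matching rule wins; $1 or ${1} expands to that capture group."""
    for regex, result in rules:
        m = regex.search(address)
        if m:
            expand = lambda g: m.group(int(g.group(1))) or ""
            return re.sub(r"\$\{?(\d+)\}?", expand, result)
    return None  # no rule matched: the address is not rewritten

def audit(rules, recipients, allowed="example.com"):
    """Return (recipient, rewritten) pairs still bound for another domain."""
    leaks = []
    for rcpt in recipients:
        target = lookup(rules, rcpt) or rcpt
        domain = target.rpartition("@")[2].lower() if "@" in target else ""
        if domain and domain != allowed and not domain.endswith("." + allowed):
            leaks.append((rcpt, target))
    return leaks

# Constructed recipients, such as an unsanitized database copy might hold.
SAMPLE = ["client@customer.test", "c@example.com", "Bob@Mail.Example.COM", "x@notexample.com"]

if __name__ == "__main__":
    rules = parse_table(TABLE)
    print({r: lookup(rules, r) or r for r in SAMPLE}, audit(rules, SAMPLE))
```

An empty list from `audit` means every sample recipient ends up either in the allowed domain or in the local catch-all; a pass-through rule that is not anchored at both ends shows up as a leak.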
8

I think the most simple solution, if you want to catch all outgoing mail, is to insert into /etc/postfix/main.cf:

virtual_alias_maps = static:your_local_user_name
jacek
  • I also had to add "sender_canonical_maps" to allow local users (for example the web server) to be properly routed. – greg Oct 17 '16 at 15:02
  • This is simple and straightforward. I set this up by installing postfix on debian (apt-get install postfix), choosing local only mail delivery, and adding the above to main.cf. This directs *ALL* mail to a single local account, which works for me. I tested it using sendmail at the command line, using the php mail function, and using smtp to localhost, all messages were delivered to the local mailbox, despite being addressed to my gmail account. – KIsmay Feb 11 '17 at 15:15
  • This only seems to work for redirecting to LOCAL mailboxes. If I try to redirect to external (eg. static:foo@example.invalid) (with proper address, of course), postfix always fails me: status=bounced (User unknown in virtual alias table). – Alexander Skwar Oct 28 '19 at 16:40
0

Set relayhost for example to some server which refuses relaying - for example your own mail server. This way any outgoing mail will simply be rejected and its delivery notification will go to postmaster mailbox on development computer.

Tometzky
  • Yep, I saw that option, but I still want to receive emails to myself. So, I don't want to 'break' the outgoing mail for everything. – Christian Oct 11 '11 at 05:54