6

I've got a nice little mail server setup (running Ubuntu Server 16.04) that works a treat. It uses postfix as SMTP, which uses dovecot (IMAP) as an authentication source for virtual mailbox users.

It's been working fine, but now I have a second server in another location (with a dynamic IP address), which I'd like to be able to send mail through my main mail server. I've seen a guide on setting it up in authenticated-relay mode, and am part-way through the process, but then I realised that I'd need a send-only email account for it to authenticate against, as I don't want it to be able to receive mail and fill up the server's hard drive (I won't check the inbox!).

How can I create a new email account in my virtual users setup that doesn't have a mailbox, but can still connect via SMTP and send emails?

starbeamrainbowlabs
  • 323
  • 1
  • 6
  • 16

1 Answers1

9

The easiest solution would be to add the user just like any other user, but restrict recipient. This will give an error during RCPT TO regardless whether the user actually exists or not.

For example, if a web page of a company might send some emails using websiteuser@example.com as a sender address, while no-one should read that address but only their first.last@example.com addresses, and the server has mydestination = example.com that would normally deliver to that user, I'd simply add (without removing what there already is in smtpd_recipient_restrictions):

smtpd_recipient_restrictions =
    . . .
    check_recipient_access hash:/etc/postfix/access/denied_recipients,
    . . .

check_recipient_access type:table

Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action.

Then add the unallowed addresses there with a friendly and human readable reason for the reject:

websiteuser@example.com    REJECT    Visit the web site for correct contact information.
helpdesksite@example.com   REJECT    Please log in and use the helpdesk contact form.

That should work what ever is the reason you don't want to accept mail for an address. Remember to postmap /etc/postfix/access/denied_recipients as the lookup table is a hash type Berkeley DB.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122
  • This sounds like a great solution, thanks! I'll investigate. If it works, I'll mark it as the accepted answer :-) – starbeamrainbowlabs Jun 17 '17 at 13:28
  • 2
    Yep, this works. It's important to note that postfix, when parsing `smtpd_recipient_restrictions`, will run through the list of restrictions and utilise the first one it finds - and will ignore all the rest. So if you have a rule that says "allow everyone who's logged in" _before_ this new `check_recipient_access` rule, it will follow the allow logged in users rule for accounts local to the server and ignore the new one. – starbeamrainbowlabs Jun 19 '17 at 20:13
  • 1
    True. You have done your homework well! :) – Esa Jokinen Jun 19 '17 at 20:14
  • 1
    If you would like to store this information in mysql, you can add a bool `receive` field to your virtual user table, set `check_recipient_access mysql:/etc/postfix/virtual/mysql-recipient-access.cf` in `smtpd_recipient_restrictions` and write a query at `mysql-recipient-access.cf` like `SELECT 'REJECT' as action FROM virtual_users WHERE email = '%s' AND receive = 0;`. – TCB13 Jun 20 '20 at 17:06