To improve security or offload services like virus and spam checking, you may want to implement an SMTP gateway. This article describes how to configure Postfix as an SMTP gateway.

SMTP Gateway

DMZ Mail Server

The DMZ mail server forwards the inbound mail to the internal mail server and delivers the outbound mail.

1. Edit /etc/postfix/main.cf and update the lines below.
mydestination = 
local_recipient_maps = 
local_transport = error:local mail delivery is disabled

mynetworks = 127.0.0.0/8 192.168.1.3
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
smtpd_recipient_restrictions = permit_mynetworks
    reject_unauth_destination

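The first three lines above disable local delivery. Replace 192.168.1.3 with the IP address of your internal mail server; mynetworks lists the hosts allowed to relay through the gateway, so keep it limited to localhost and that server.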

2. Edit the file /etc/postfix/transport and add the line below.
example.com :[192.168.1.3]

Replace 192.168.1.3 with the hostname or IP address of your internal mail server.

3. Type the command below to create a transport database file.
postmap /etc/postfix/transport

4. Restart the Postfix service, or the MailScanner service if you have installed it. Learn how to start and stop services here.

5. You should now be able to send mail to your DMZ mail server, and it will be automatically relayed to your internal mail server. See Test Postfix using Telnet.
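
An offline check for the DMZ server's main.cf, added here as an example (it is not code from the original article or from the Postfix project): it parses the file and reports any of the relay-only settings above that are missing, plus an unset relay_recipient_maps, which the notes at the end of this article recommend. The function names and the sample text are constructed for illustration; smtpd_relay_restrictions is also consulted because Postfix 2.10 and later can carry reject_unauth_destination there.

```python
import ipaddress
import re

# Constructed sample: the DMZ main.cf settings from this article (192.168.1.3 = internal server).
SAMPLE_MAIN_CF = """\
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mynetworks = 127.0.0.0/8 192.168.1.3
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
smtpd_recipient_restrictions = permit_mynetworks
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse 'name = value'; whitespace-led lines continue a value, '#' lines are comments."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line and not line[0].isspace():
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value  # a later assignment overrides an earlier one
    return params

def audit_gateway(text):
    """Return findings for a relay-only gateway; an empty list means none."""
    p, findings = parse_main_cf(text), []
    words = lambda key: [w for w in re.split(r"[,\s]+", p.get(key, "")) if w]
    if "mydestination" not in p or words("mydestination"):
        findings.append("mydestination is not empty: local delivery is still enabled")
    if not p.get("local_transport", "").startswith("error:"):
        findings.append("local_transport is not an error: transport")
    rules = words("smtpd_recipient_restrictions") + words("smtpd_relay_restrictions")
    if "reject_unauth_destination" not in rules:  # either list may carry it
        findings.append("reject_unauth_destination missing: open relay risk")
    for net in words("mynetworks"):
        try:
            n = ipaddress.ip_network(net.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # table lookups such as hash:/path are not checked here
        if not n.is_loopback and n.num_addresses > 1:
            findings.append(f"mynetworks entry {net} trusts {n.num_addresses} addresses")
    if not words("relay_recipient_maps"):
        findings.append("relay_recipient_maps not set: invalid recipients are accepted")
    return findings
```

To check a live gateway, pass the contents of /etc/postfix/main.cf to audit_gateway(). Values are compared as written, so $parameter references are not expanded.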

Internal Mail Server

The internal mail server holds the mailboxes and forwards all outbound mail to the DMZ mail server for delivery. Make sure you have a working Postfix mail server.

1. Edit /etc/postfix/main.cf and update the lines below.
transport_maps = hash:/etc/postfix/transport

2. Edit the file /etc/postfix/transport and add the lines below.
example.com    :
.example.com   :
*              smtp:[192.168.3.2]

Replace 192.168.3.2 with the hostname or IP address of your DMZ mail server.

3. Type the command below to create a transport database file.
postmap /etc/postfix/transport

4. Restart the Postfix service, or the MailScanner service if you have installed it. Learn how to start and stop services here.

5. Your outbound mail should now be sent to the DMZ mail server. See Test Postfix using Telnet.

SMTP Gateway Notes

It is easy to set up an SMTP gateway mail server, but you also need to consider the items below.

  • Add Antivirus and Antispam Filtering. Since the DMZ mail server is exposed to the Internet, make sure it has anti-virus and anti-spam filtering.

  • Verify Recipient. If possible, apply the same recipient verification method you used on your internal mail server. This allows your DMZ mail server to reject all invalid recipient addresses instead of having the internal mail server bounce the relayed emails with invalid recipients. Use the relay_recipient_maps setting in /etc/postfix/main.cf to specify the valid recipients.

  • Use IP Address. By specifying the hostname or IP address in the transport file, the DNS MX lookup can be eliminated. Specifying the IP address will be even better since this will eliminate the need for any DNS lookup.

  • Flush Mail Queue. You can force Postfix to immediately send all the mail in its queue by typing in the command below.

    postfix flush
    


***
Posted on 5/2/2010 and last updated on 5/2/2010
Filed under Postfix