> We use an external mail host that relays all of our email to us on 
> domain So all email on this domain comes from 1 subnet.
> We also have another domain which I need to receive email 
> from anywhere for.
> In order to tighten things up a bit, I want to reject all mail destined 
> to that is NOT from the subnet of our external mail 
> relay.  Is this possible? Can someone point me in the right direction?
> Here is how I picture this:
> Reject all mail to
> Allow mail from to

Add this network CIDR to Postfix mynetworks and make sure 
permit_mynetworks is in all smtpd_* sections if you have customized any 
of them:


This will allow all email from that network to relay through, which is a 
little more than you asked for, but that network should be under your 
control, so this is fine.

Make sure you also add this subnet to SA internal_networks and 
trusted_networks so SA RBL checks will properly ignore that trusted 
relay and check against the IP in the previous Received: header.

Then you would remove the from the relay_domains 
since all destinations will be allowed from that subnet.  Any other 
source subnets will be rejected.

The Postfix mynetworks should be basically identical to the SA 
internal_networks, and the SA trusted_networks should be 
internal_networks plus any external networks that may be trusted.

> Allow mail from anywhere to

Leave this domain in the relay_domains list.

> Thanks for any insight.
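
An added example, not part of the original message: a small audit that checks a Postfix main.cf and a SpamAssassin local.cf against the relationships described in the reply above. The subnet 192.0.2.0/24 and the domains open.example and restricted.example are placeholders, the function names are hypothetical, and networks are compared as literal CIDR entries (no supernet matching).

```python
import ipaddress
import re

# Constructed sample configs. 192.0.2.0/24, open.example and restricted.example
# are placeholders: the thread does not give the real subnet or domains.
MAIN_CF = """\
mynetworks = 127.0.0.0/8, 192.0.2.0/24
relay_domains = open.example
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""
LOCAL_CF = """\
internal_networks 127.0.0.0/8
trusted_networks 127.0.0.0/8 192.0.2.0/24
"""

def postfix_list(text, key):
    """Values of one main.cf parameter (continuation lines included)."""
    m = re.search(rf"^{re.escape(key)}[ \t]*=(.*(?:\n[ \t]+.*)*)", text, re.M)
    return [v for v in re.split(r"[,\s]+", m.group(1)) if v] if m else []

def sa_list(text, key):
    """Values of a SpamAssassin setting; repeated lines accumulate."""
    return [v for line in text.splitlines() if line.split()[:1] == [key]
            for v in line.split()[1:]]

def nets(values):
    """CIDR strings as network objects; Postfix brackets IPv6 as [::1]/128."""
    return {ipaddress.ip_network(v.strip("[]").replace("]", ""), strict=False)
            for v in values}

def audit(main_cf, local_cf, relay_net, restricted_domain):
    """Return a list of findings; an empty list means the configs agree."""
    my = nets(postfix_list(main_cf, "mynetworks"))
    internal = nets(sa_list(local_cf, "internal_networks"))
    trusted = nets(sa_list(local_cf, "trusted_networks"))
    findings = []
    if ipaddress.ip_network(relay_net) not in my:
        findings.append("relay subnet missing from mynetworks")
    if my != internal:
        findings.append("mynetworks and internal_networks differ")
    if not internal <= trusted:
        findings.append("trusted_networks does not cover internal_networks")
    if restricted_domain in postfix_list(main_cf, "relay_domains"):
        findings.append("restricted domain still in relay_domains")
    for name in re.findall(r"^(smtpd_\w+_restrictions)[ \t]*=", main_cf, re.M):
        if "permit_mynetworks" not in postfix_list(main_cf, name):
            findings.append(f"{name} lacks permit_mynetworks")
    return findings
```

On the constructed sample, the audit reports that the relay subnet was added to mynetworks and trusted_networks but not to internal_networks.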
