Inbound Mail Gateway

A mail gateway is an email system that accepts messages and relays them to another system. Gateways might provide a path from one network to another, or from one protocol to another. A common use of a mail gateway is a server that accepts all the mail for a network from the Internet and relays it to internal mail systems. Mail gateways are commonly set up in conjunction with firewall systems to limit the number of servers that need direct access to the Internet.

Imagine a company network such as the one depicted in Figure 9-2. There are sub-domains for different workgroups at the company, and each workgroup has its own internal mail server. The gateway system gw.example.com receives all the mail for the network. The human resources department gets email addressed as user@hr.example.com, and their mail should go to the server mail1.example.com. The sales department uses user@sales.example.com, and their mail should go to mail2.example.com. The client hosts in each subnet retrieve mail from their respective mail servers. Transport maps are required to set up the mail gateway gw.example.com to relay messages to the correct internal mail servers.

Figure 9-2. Email gateway to internal systems

The following procedure demonstrates how to configure gw.example.com to relay messages to the correct internal systems:

1. Make sure that the DNS has been configured correctly with MX records for hr.example.com and sales.example.com pointing to the gateway gw.example.com.
2. In your main.cf file, set relay_domains to include the two internal domains:

   relay_domains = hr.example.com, sales.example.com

3. Make sure that the transport_maps parameter points to your transport lookup table:

   transport_maps = hash:/etc/postfix/transport

4. Add entries to your transport file for each domain pointing to the correct internal mail systems:

   #
   # transport maps
   #
   hr.example.com relay:[mail1.example.com]
   sales.example.com relay:[mail2.example.com]

   We've used brackets around the internal mail system host names to disable MX lookups for those systems.

5. Reload Postfix so that it recognizes the changes in its configuration files:

   # postfix reload

It is highly recommended that you maintain a list of valid recipients for all of your internal users with the relay_recipient_maps parameter. See Section 9.1.1 earlier in the chapter.