1

(Update) Environment is Ubuntu server 24.04 and opensmtpd Version: 7.4.0p1-1build4.

I'm using Amazon SES with a few validated domains. I don't want to relay emails that are not from authorized domains. My current smtpd.conf is:

table relay_secrets file:/etc/smtpd/relay_secrets
listen on localhost port 25 mask-src hostname MyDomain.com
listen on socket mask-src
action "relay_ses" relay host smtp+tls://ses@email-smtp.us-east-1.amazonaws.com:587 auth <relay_secrets>
match from mail-from "@MyDomain.com" for any action "relay_ses"
match from any reject

And it works:

  • An email from root@Mydomain.com to MyEmail@gmail.com passes.
  • An email from root@Wrongdomain.com to MyEmail@gmail.com is rejected.

But the error is: Invalid recipient: MyEmail@gmail.com. Not a sender error. I guess it is because it is the last rule that is deciding not to send the mail. Is there any way to indicate which domains (in the From part) are valid?

renegm
  • 151

2 Answers

2

Solved

table relay_secrets file:/etc/smtpd/relay_secrets
table allowed_domains { "^[^@]+@mydomain\.com$" }

filter goaway phase mail-from match !mail-from regex <allowed_domains> reject "550 go away"

listen on localhost port 25 mask-src hostname mydomain.com filter goaway
listen on socket mask-src filter goaway

action "relay_ses" relay host smtp+tls://ses@email-smtp.us-east-1.amazonaws.com:587 auth <relay_secrets>

match from mail-from regex <allowed_domains> for any action "relay_ses"
match from any reject

The first time I tried to use filters I made a syntax mistake that did not cause an error, but it did not work. There is no need to re-verify the domains when sending, but my actual setup is a bit more complicated than this and I keep it just in case. I'd really like to not rely on regex for this but I couldn't find anything else and this works. Any other solution?

I'm surprised OpenSMTPD isn't recommended more. Everywhere you find recommendations for sendmail or postfix that are tremendously bloated, or small ones like nullmailer or sSMTP etc, which are limited or buggy.

Paul
  • 3,278
renegm
  • 151
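
A way to sanity-check the allowed_domains pattern from the answer above before reloading smtpd, as an added example that is not part of the original post. It assumes POSIX extended regex semantics, with grep -E standing in for smtpd's matching; the LOOSE pattern and the sample senders are constructed here for contrast.

```shell
#!/bin/sh
# Added example: run candidate MAIL FROM values through the allow-list pattern.
# Assumption: grep -E (POSIX ERE) behaves like the regex matching smtpd applies.

ALLOWED='^[^@]+@mydomain\.com$'   # pattern from the answer's allowed_domains table
LOOSE='@mydomain.com'             # hypothetical unanchored, unescaped variant

# sender_matches PATTERN ADDRESS -> exit status 0 when ADDRESS matches PATTERN
sender_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# verdict PATTERN ADDRESS -> prints "relay" or "reject"
verdict() {
    if sender_matches "$1" "$2"; then echo relay; else echo reject; fi
}

# Constructed sample senders, not taken from real traffic.
SAMPLES='root@mydomain.com
root@wrongdomain.com
root@mydomain.com.example.net
root@mydomainxcom
root@sub.mydomain.com
a@b@mydomain.com'

# report -> one line per sample with the verdict under each pattern
report() {
    printf '%-32s %-9s %s\n' sender anchored loose
    printf '%s\n' "$SAMPLES" | while IFS= read -r addr; do
        printf '%-32s %-9s %s\n' "$addr" \
            "$(verdict "$ALLOWED" "$addr")" "$(verdict "$LOOSE" "$addr")"
    done
}

report
```

Only the first sample is relayed under the anchored pattern; the loose variant also admits the trailing-domain, unescaped-dot and double-@ senders, which is why the anchors and the escaped dot in the table entry matter.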
0

To specify valid sender domains in OpenSMTPD, set the smtpd_sender_restrictions parameter in the smtpd.conf file. You can specify allowed domains using matching or relaying rules to allow only certain domains to send email. This helps prevent spam and abuse of your SMTP server for outgoing messages.