Postfix: Reroute an email, by filtering the sender address, to a mailtrap

By Bill Seremetis, 14 September, 2015

When working on sites with thousands or millions of users you have to face a very important problem: your test/dev sites are not allowed to send emails, at all! Develmail and other solutions exist but most of them are very limiting because you end up with text emails and not your nicely styled HTML mail. A way to overcome this problem is by using an external SMTP server that you manage. I'm using iRedmail which works with Postfix. If your server uses postfix then you should be ok in following this guide.

The basic idea is to trick our Drupal site (or any software for that matter) that it is sending emails normally via SMTP. To do so we create an account like dev@example.com on our mail server. However, we don't want any of these emails to reach anybody, we need to intercept them and reroute them to an account we manage. For that reason we will create a second mail account, called trap@example.com.

Next we configure postfix to do the rerouting. First of all, check that /etc/postfix/master.cf does not have this setting:
receive_override_options=no_header_body_checks

Next, add this line on /etc/postfix/main.cf:
header_checks = pcre:/etc/postfix/header_checks

and finally on a new file called /etc/postfix/header_checks add those two lines:
/From:.*dev@example.com/ REDIRECT trap@example.com
/From:.*trap@example.com/ REJECT Mailtrap isn't allowed to send emails.

That's it! The first line redirects all emails that are being sent from the dev account. The second line disables sending any emails from the trap account. You don't really need the second line, but in case you are going to share it with a lot of a members in your team it is possible that an insecure password might be used, so by limiting it only receive emails you have an extra layer of security. The dev account is also "somewhat" secure, since it will only send emails to the trap.

I couldn't find any documendation (simple and to the point) on that subject on the net. There are a few discussions on serverfault but none of them is valid. Note: the above approach allows you to keep using your mailserver normally for all other accounts. There are many articles on how to blackhole a whole server if you are interested in something like that.

Tags