docker-mailserver/edge/examples/use-cases/external-relay-only-mailserver/index.html


<!doctype html>
<html lang="en" class="no-js">
  <head>

      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">

        <meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Anti-spam, Anti-virus, etc.) using Docker.">


        <meta name="author" content="docker-mailserver (Github Organization)">


        <link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/examples/use-cases/external-relay-only-mailserver/">


        <link rel="prev" href="../bind-smtp-network-interface/">


        <link rel="next" href="../../../faq/">


      <link rel="icon" href="../../../assets/logo/favicon-32x32.png">
      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.18">


        <title>Use Cases | Relay inbound and outbound mail for an internal DMS - Docker Mailserver</title>


      <link rel="stylesheet" href="../../../assets/stylesheets/main.66ac8b77.min.css">


        <link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">


        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
        <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>


      <link rel="stylesheet" href="../../../assets/css/customizations.css">

    <script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>


  </head>


    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">


    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">


        <a href="#introduction" class="md-skip">
          Skip to content
        </a>

    </div>
    <div data-md-component="announce">

    </div>

      <div data-md-color-scheme="default" data-md-component="outdated" hidden>

      </div>


<header class="md-header" data-md-component="header">
  <nav class="md-header__inner md-grid" aria-label="Header">
    <a href="../../.." title="Docker Mailserver" class="md-header__button md-logo" aria-label="Docker Mailserver" data-md-component="logo">

  <img src="../../../assets/logo/dmo-logo-white.min.svg" alt="logo">

    </a>
    <label class="md-header__button md-icon" for="__drawer">

      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
    </label>
    <div class="md-header__title" data-md-component="header-title">
      <div class="md-header__ellipsis">
        <div class="md-header__topic">
          <span class="md-ellipsis">
            Docker Mailserver
          </span>
        </div>
        <div class="md-header__topic" data-md-component="header-topic">
          <span class="md-ellipsis">

              Use Cases | Relay inbound and outbound mail for an internal DMS

          </span>
        </div>
      </div>
    </div>


        <form class="md-header__option" data-md-component="palette">


    <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo"  aria-label="Switch to dark mode"  type="radio" name="__palette" id="__palette_0">

      <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3 3.19.09m3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95 2.06.05m-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31Z"/></svg>
      </label>


    <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue"  aria-label="Switch to light mode"  type="radio" name="__palette" id="__palette_1">

      <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5c-.84 0-1.65.15-2.39.42L12 2M3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29L3.34 7m.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14L3.36 17M20.65 7l-1.77 3.79a7.023 7.023 0 0 0-2.38-4.15l4.15.36m-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29L20.64 17M12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44L12 22Z"/></svg>
      </label>


</form>


      <script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>


      <label class="md-header__button md-icon" for="__search">

        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
      </label>
      <div class="md-search" data-md-component="search" role="dialog">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <form class="md-search__form" name="search">
      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
      <label class="md-search__icon md-icon" for="__search">

        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>

        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
      </label>
      <nav class="md-search__options" aria-label="Search">

        <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">

          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
        </button>
      </nav>

    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" data-md-scrollfix>
        <div class="md-search-result" data-md-component="search-result">
          <div class="md-search-result__meta">
            Initializing search
          </div>
          <ol class="md-search-result__list" role="presentation"></ol>
        </div>
      </div>
    </div>
  </div>
</div>


      <div class="md-header__source">
        <a href="https://github.com/docker-mailserver/docker-mailserver" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">

    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
  </div>
  <div class="md-source__repository">
    docker-mailserver
  </div>
</a>
      </div>

  </nav>

</header>

    <div class="md-container" data-md-component="container">


<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
  <div class="md-grid">
    <ul class="md-tabs__list">


    <li class="md-tabs__item">
      <a href="../../.." class="md-tabs__link">


  Home

      </a>
    </li>


    <li class="md-tabs__item">
      <a href="../../../introduction/" class="md-tabs__link">


  Introduction

      </a>
    </li>


    <li class="md-tabs__item">
      <a href="../../../usage/" class="md-tabs__link">


  Usage

      </a>
    </li>


      <li class="md-tabs__item">
        <a href="../../../config/environment/" class="md-tabs__link">


  Configuration

        </a>
      </li>


      <li class="md-tabs__item md-tabs__item--active">
        <a href="../../tutorials/basic-installation/" class="md-tabs__link">


  Examples

        </a>
      </li>


    <li class="md-tabs__item">
      <a href="../../../faq/" class="md-tabs__link">


  FAQ

      </a>
    </li>


      <li class="md-tabs__item">
        <a href="../../../contributing/general/" class="md-tabs__link">


  Contributing

        </a>
      </li>


    <li class="md-tabs__item">
      <a href="https://hub.docker.com/r/mailserver/docker-mailserver/" class="md-tabs__link">


  <span class="icon-external-link"></span>DockerHub

      </a>
    </li>


    <li class="md-tabs__item">
      <a href="https://github.com/docker-mailserver/docker-mailserver/pkgs/container/docker-mailserver" class="md-tabs__link">


  <span class="icon-external-link"></span>GHCR

      </a>
    </li>


    </ul>
  </div>
</nav>


      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">


              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">


<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
  <label class="md-nav__title" for="__drawer">
    <a href="../../.." title="Docker Mailserver" class="md-nav__button md-logo" aria-label="Docker Mailserver" data-md-component="logo">

  <img src="../../../assets/logo/dmo-logo-white.min.svg" alt="logo">

    </a>
    Docker Mailserver
  </label>

    <div class="md-nav__source">
      <a href="https://github.com/docker-mailserver/docker-mailserver" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">

    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
  </div>
  <div class="md-source__repository">
    docker-mailserver
  </div>
</a>
    </div>

  <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../.." class="md-nav__link">


  <span class="md-ellipsis">
    Home
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../introduction/" class="md-nav__link">


  <span class="md-ellipsis">
    Introduction
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../usage/" class="md-nav__link">


  <span class="md-ellipsis">
    Usage
  </span>


      </a>
    </li>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >


          <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">


  <span class="md-ellipsis">
    Configuration
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4">
            <span class="md-nav__icon md-icon"></span>
            Configuration
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../../config/environment/" class="md-nav__link">


  <span class="md-ellipsis">
    Environment Variables
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/user-management/" class="md-nav__link">


  <span class="md-ellipsis">
    User Management
  </span>


      </a>
    </li>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_3" >


          <label class="md-nav__link" for="__nav_4_3" id="__nav_4_3_label" tabindex="0">


  <span class="md-ellipsis">
    Best Practices
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_3_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4_3">
            <span class="md-nav__icon md-icon"></span>
            Best Practices
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../../config/best-practices/autodiscover/" class="md-nav__link">


  <span class="md-ellipsis">
    Auto-discovery
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/best-practices/dkim_dmarc_spf/" class="md-nav__link">


  <span class="md-ellipsis">
    DKIM, DMARC & SPF
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/best-practices/mta-sts/" class="md-nav__link">


  <span class="md-ellipsis">
    MTA-STS
  </span>


      </a>
    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_4" >


          <label class="md-nav__link" for="__nav_4_4" id="__nav_4_4_label" tabindex="0">


  <span class="md-ellipsis">
    Security
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_4_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4_4">
            <span class="md-nav__icon md-icon"></span>
            Security
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../../config/security/understanding-the-ports/" class="md-nav__link">


  <span class="md-ellipsis">
    Understanding the Ports
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/security/ssl/" class="md-nav__link">


  <span class="md-ellipsis">
    SSL/TLS
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/security/fail2ban/" class="md-nav__link">


  <span class="md-ellipsis">
    Fail2Ban
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/security/mail_crypt/" class="md-nav__link">


  <span class="md-ellipsis">
    Mail Encryption
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/security/rspamd/" class="md-nav__link">


  <span class="md-ellipsis">
    Rspamd
  </span>


      </a>
    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item">
      <a href="../../../config/debugging/" class="md-nav__link">


  <span class="md-ellipsis">
    Debugging
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/pop3/" class="md-nav__link">


  <span class="md-ellipsis">
    Mail Delivery with POP3
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/setup.sh/" class="md-nav__link">


  <span class="md-ellipsis">
    About setup.sh
  </span>


      </a>
    </li>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8" >


          <label class="md-nav__link" for="__nav_4_8" id="__nav_4_8_label" tabindex="0">


  <span class="md-ellipsis">
    Advanced Configuration
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_8_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4_8">
            <span class="md-nav__icon md-icon"></span>
            Advanced Configuration
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../../config/advanced/optional-config/" class="md-nav__link">


  <span class="md-ellipsis">
    Optional Configuration
  </span>


      </a>
    </li>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_2" >


          <label class="md-nav__link" for="__nav_4_8_2" id="__nav_4_8_2_label" tabindex="0">


  <span class="md-ellipsis">
    Maintenance
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_2_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4_8_2">
            <span class="md-nav__icon md-icon"></span>
            Maintenance
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../../config/advanced/maintenance/update-and-cleanup/" class="md-nav__link">


  <span class="md-ellipsis">
    Update and Cleanup
  </span>


      </a>
    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_3" >


          <label class="md-nav__link" for="__nav_4_8_3" id="__nav_4_8_3_label" tabindex="0">


  <span class="md-ellipsis">
    Override the Default Configs
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_3_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4_8_3">
            <span class="md-nav__icon md-icon"></span>
            Override the Default Configs
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../../config/advanced/override-defaults/dovecot/" class="md-nav__link">


  <span class="md-ellipsis">
    Dovecot
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/override-defaults/postfix/" class="md-nav__link">


  <span class="md-ellipsis">
    Postfix
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/override-defaults/user-patches/" class="md-nav__link">


  <span class="md-ellipsis">
    Modifications via Script
  </span>


      </a>
    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/auth-ldap/" class="md-nav__link">


  <span class="md-ellipsis">
    LDAP Authentication
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/auth-oauth2/" class="md-nav__link">


  <span class="md-ellipsis">
    OAuth2 Authentication
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/mail-sieve/" class="md-nav__link">


  <span class="md-ellipsis">
    Email Filtering with Sieve
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/mail-fetchmail/" class="md-nav__link">


  <span class="md-ellipsis">
    Email Gathering with Fetchmail
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/mail-getmail/" class="md-nav__link">


  <span class="md-ellipsis">
    Email Gathering with Getmail
  </span>


      </a>
    </li>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_9" >


          <label class="md-nav__link" for="__nav_4_8_9" id="__nav_4_8_9_label" tabindex="0">


  <span class="md-ellipsis">
    Email Forwarding
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_9_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_4_8_9">
            <span class="md-nav__icon md-icon"></span>
            Email Forwarding
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../../config/advanced/mail-forwarding/relay-hosts/" class="md-nav__link">


  <span class="md-ellipsis">
    Relay Hosts
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/mail-forwarding/aws-ses/" class="md-nav__link">


  <span class="md-ellipsis">
    AWS SES
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/mail-forwarding/gmail-smtp/" class="md-nav__link">


  <span class="md-ellipsis">
    Configure Gmail as a relay host
  </span>


      </a>
    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/full-text-search/" class="md-nav__link">


  <span class="md-ellipsis">
    Full-Text Search
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/kubernetes/" class="md-nav__link">


  <span class="md-ellipsis">
    Kubernetes
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/ipv6/" class="md-nav__link">


  <span class="md-ellipsis">
    IPv6
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/podman/" class="md-nav__link">


  <span class="md-ellipsis">
    Podman
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../config/advanced/dovecot-master-accounts/" class="md-nav__link">


  <span class="md-ellipsis">
    Dovecot Master Accounts
  </span>


      </a>
    </li>


          </ul>
        </nav>

    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">


        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" checked>


          <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="">


  <span class="md-ellipsis">
    Examples
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="true">
          <label class="md-nav__title" for="__nav_5">
            <span class="md-nav__icon md-icon"></span>
            Examples
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5_1" >


          <label class="md-nav__link" for="__nav_5_1" id="__nav_5_1_label" tabindex="0">


  <span class="md-ellipsis">
    Tutorials
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_1_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_5_1">
            <span class="md-nav__icon md-icon"></span>
            Tutorials
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../tutorials/basic-installation/" class="md-nav__link">


  <span class="md-ellipsis">
    Basic Installation
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../tutorials/mailserver-behind-proxy/" class="md-nav__link">


  <span class="md-ellipsis">
    Mailserver behind Proxy
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../tutorials/crowdsec/" class="md-nav__link">


  <span class="md-ellipsis">
    Crowdsec
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../tutorials/docker-build/" class="md-nav__link">


  <span class="md-ellipsis">
    Building your own Docker image
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../tutorials/blog-posts/" class="md-nav__link">


  <span class="md-ellipsis">
    Blog Posts
  </span>


      </a>
    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item md-nav__item--active md-nav__item--nested">


        <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_2" checked>


          <label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">


  <span class="md-ellipsis">
    Use Cases
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="true">
          <label class="md-nav__title" for="__nav_5_2">
            <span class="md-nav__icon md-icon"></span>
            Use Cases
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">


  <span class="md-ellipsis">
    Forward-Only Mail-Server with LDAP
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../imap-folders/" class="md-nav__link">


  <span class="md-ellipsis">
    Customize IMAP Folders
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../ios-mail-push-support/" class="md-nav__link">


  <span class="md-ellipsis">
    iOS Mail Push Support
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../auth-lua/" class="md-nav__link">


  <span class="md-ellipsis">
    Lua Authentication
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../bind-smtp-network-interface/" class="md-nav__link">


  <span class="md-ellipsis">
    Bind outbound SMTP to a specific network
  </span>


      </a>
    </li>


    <li class="md-nav__item md-nav__item--active">

      <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">


        <label class="md-nav__link md-nav__link--active" for="__toc">


  <span class="md-ellipsis">
    Relay inbound and outbound mail for an internal DMS
  </span>


          <span class="md-nav__icon md-icon"></span>
        </label>

      <a href="./" class="md-nav__link md-nav__link--active">


  <span class="md-ellipsis">
    Relay inbound and outbound mail for an internal DMS
  </span>


      </a>


<nav class="md-nav md-nav--secondary" aria-label="Table of contents">


    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      Table of contents
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>

        <li class="md-nav__item">
  <a href="#introduction" class="md-nav__link">
    <span class="md-ellipsis">
      Introduction
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#dns-setup" class="md-nav__link">
    <span class="md-ellipsis">
      DNS setup
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#public-server-basic-postfix-setup" class="md-nav__link">
    <span class="md-ellipsis">
      Public Server (Basic Postfix setup)
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#private-server-running-dms" class="md-nav__link">
    <span class="md-ellipsis">
      Private Server (Running DMS)
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#imap-pop3" class="md-nav__link">
    <span class="md-ellipsis">
      IMAP / POP3
    </span>
  </a>

</li>

    </ul>

</nav>

    </li>


          </ul>
        </nav>

    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item">
      <a href="../../../faq/" class="md-nav__link">


  <span class="md-ellipsis">
    FAQ
  </span>


      </a>
    </li>


    <li class="md-nav__item md-nav__item--nested">


        <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_7" >


          <label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">


  <span class="md-ellipsis">
    Contributing
  </span>


            <span class="md-nav__icon md-icon"></span>
          </label>

        <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
          <label class="md-nav__title" for="__nav_7">
            <span class="md-nav__icon md-icon"></span>
            Contributing
          </label>
          <ul class="md-nav__list" data-md-scrollfix>


    <li class="md-nav__item">
      <a href="../../../contributing/general/" class="md-nav__link">


  <span class="md-ellipsis">
    General Information
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../contributing/tests/" class="md-nav__link">


  <span class="md-ellipsis">
    Tests
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="../../../contributing/issues-and-pull-requests/" class="md-nav__link">


  <span class="md-ellipsis">
    Issues and Pull Requests
  </span>


      </a>
    </li>


          </ul>
        </nav>

    </li>


    <li class="md-nav__item">
      <a href="https://hub.docker.com/r/mailserver/docker-mailserver/" class="md-nav__link">


  <span class="md-ellipsis">
    <span class="icon-external-link"></span>DockerHub
  </span>


      </a>
    </li>


    <li class="md-nav__item">
      <a href="https://github.com/docker-mailserver/docker-mailserver/pkgs/container/docker-mailserver" class="md-nav__link">


  <span class="md-ellipsis">
    <span class="icon-external-link"></span>GHCR
  </span>


      </a>
    </li>


  </ul>
</nav>
                  </div>
                </div>
              </div>


              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" hidden>
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">


<nav class="md-nav md-nav--secondary" aria-label="Table of contents">


    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      Table of contents
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>

        <li class="md-nav__item">
  <a href="#introduction" class="md-nav__link">
    <span class="md-ellipsis">
      Introduction
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#dns-setup" class="md-nav__link">
    <span class="md-ellipsis">
      DNS setup
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#public-server-basic-postfix-setup" class="md-nav__link">
    <span class="md-ellipsis">
      Public Server (Basic Postfix setup)
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#private-server-running-dms" class="md-nav__link">
    <span class="md-ellipsis">
      Private Server (Running DMS)
    </span>
  </a>

</li>

        <li class="md-nav__item">
  <a href="#imap-pop3" class="md-nav__link">
    <span class="md-ellipsis">
      IMAP / POP3
    </span>
  </a>

</li>

    </ul>

</nav>
                  </div>
                </div>
              </div>


            <div class="md-content" data-md-component="content">
              <article class="md-content__inner md-typeset">


    <a href="https://github.com/docker-mailserver/docker-mailserver/edit/master/docs/content/examples/use-cases/external-relay-only-mailserver.md" title="Edit this page" class="md-content__button md-icon">

      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4v-2m10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1 2.1 2.1Z"/></svg>
    </a>


    <a href="https://github.com/docker-mailserver/docker-mailserver/raw/master/docs/content/examples/use-cases/external-relay-only-mailserver.md" title="View source of this page" class="md-content__button md-icon">

      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.15 8.15 0 0 1-1.23-2Z"/></svg>
    </a>


  <h1>Relay inbound and outbound mail for an internal DMS</h1>

<h2 id="introduction"><a class="toclink" href="#introduction">Introduction</a></h2>
<div class="admonition info">
<p class="admonition-title">Community contributed guide</p>
<p>Adapted into a guide from <a href="https://github.com/orgs/docker-mailserver/discussions/3965">this discussion</a>.</p>
<p><strong>Requirements:</strong></p>
<ul>
<li>A <em>public server</em> with a static IP, like many VPS providers offer. It will only relay mail to DMS, no mail is stored on this system.</li>
<li>A <em>private server</em> (e.g.: a local system at home) that will run DMS.</li>
<li>Both servers are connected to the same network via a VPN (<em>optional convenience for trust via the <code>mynetworks</code> setting</em>).</li>
</ul>
<hr />
<p>The guide below will assume the VPN is setup on <code>192.168.2.0/24</code> with:</p>
<ul>
<li>The <em>public server</em> is using <code>192.168.2.2</code></li>
<li>The <em>private server</em> is using <code>192.168.2.3</code></li>
</ul>
</div>
<p>The goal of this guide is to configure a <em>public server</em> that can receive inbound mail and relay that over to DMS on a <em>private server</em>, which can likewise submit mail outbound through a <em>public server</em> or service.</p>
<p>The primary motivation is to keep your mail storage private instead of storing it to disk unencrypted on a VPS host.</p>
<h2 id="dns-setup"><a class="toclink" href="#dns-setup">DNS setup</a></h2>
<p>Follow our <a href="../../../usage/#minimal-dns-setup">standard guidance</a> for DNS setup.</p>
<p>Set your A, MX and PTR records for the <em>public server</em> as if it were running DMS.</p>
<div class="admonition example">
<p class="admonition-title">DNS Zone file example</p>
<p>For this guide, we assume DNS is configured with:</p>
<ul>
<li>A public reachable IP address of <code>11.22.33.44</code></li>
<li>Mail for <code>@example.com</code> addresses must have an MX record pointing to <code>mail.example.com</code>.</li>
<li>An A record for <code>mail.example.com</code> pointing to the IP address of your <em>public server</em>.</li>
</ul>
<div class="highlight"><pre><span></span><code>$ORIGIN example.com
@     IN  A      11.22.33.44
mail  IN  A      11.22.33.44

; mail server for example.com
@     IN  MX  10 mail.example.com.
</code></pre></div>
<p>SPF records should also be set up as you normally would for <code>mail.example.com</code>.</p>
</div>
<h2 id="public-server-basic-postfix-setup"><a class="toclink" href="#public-server-basic-postfix-setup">Public Server (Basic Postfix setup)</a></h2>
<p>You will need to install Postfix on your <em>public server</em>. The functionality that is needed for this setup is not yet implemented in DMS, so a vanilla Postfix will probably be easier to work with, especially since this server will only be used as an inbound and outbound relay.</p>
<p>It's necessary to adjust some settings afterwards.</p>
<!-- This empty quote block is purely for a visual border -->
<div class="admonition quote">
<div class="tabbed-set tabbed-alternate" data-tabs="1:3"><input checked="checked" id="postfix-main-config" name="__tabbed_1" type="radio" /><input id="route-outbound-mail-through-a-separate-transport" name="__tabbed_1" type="radio" /><input id="configure-recipient-domains-to-relay-mail" name="__tabbed_1" type="radio" /><div class="tabbed-labels"><label for="postfix-main-config">Postfix main config</label><label for="route-outbound-mail-through-a-separate-transport">Route outbound mail through a separate transport</label><label for="configure-recipient-domains-to-relay-mail">Configure recipient domains to relay mail</label></div>
<div class="tabbed-content">
<div class="tabbed-block">
<details class="example">
<summary>Create or replace <code>/etc/postfix/main.cf</code></summary>
<div class="highlight"><pre><span></span><code><span class="c1"># See /usr/share/postfix/main.cf.dist for a commented, more complete version</span>

<span class="na">smtpd_banner</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">$myhostname ESMTP $mail_name (Debian/GNU)</span>
<span class="na">biff</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">no</span>

<span class="c1"># appending .domain is the MUA&#39;s job.</span>
<span class="na">append_dot_mydomain</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">no</span>

<span class="c1"># Uncomment the next line to generate &quot;delayed mail&quot; warnings</span>
<span class="c1">#delay_warning_time = 4h</span>

<span class="c1"># See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on</span>
<span class="c1"># fresh installs.</span>
<span class="na">compatibility_level</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">3.6</span>

<span class="c1"># TLS parameters</span>
<span class="na">smtpd_tls_cert_file</span><span class="o">=</span><span class="s">/etc/postfix/certificates/mail.example.com.crt</span>
<span class="na">smtpd_tls_key_file</span><span class="o">=</span><span class="s">/etc/postfix/certificates/mail.example.com.key</span>
<span class="na">smtpd_tls_security_level</span><span class="o">=</span><span class="s">may</span>
<span class="na">smtp_tls_CApath</span><span class="o">=</span><span class="s">/etc/ssl/certs</span>
<span class="na">smtp_tls_security_level</span><span class="o">=</span><span class="s">may</span>
<span class="na">smtp_tls_session_cache_database</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">btree:${data_directory}/smtp_scache</span>

<span class="na">alias_database</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">hash:/etc/aliases</span>
<span class="na">alias_maps</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">hash:/etc/aliases</span>
<span class="na">maillog_file</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">/var/log/postfix.log</span>
<span class="na">mailbox_size_limit</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">0</span>
<span class="na">inet_interfaces</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">all</span>
<span class="na">inet_protocols</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ipv4</span>
<span class="na">readme_directory</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">no</span>
<span class="na">recipient_delimiter</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">+</span>

<span class="c1"># Customizations relevant to this guide:</span>
<span class="na">myhostname</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mail.example.com</span>
<span class="na">myorigin</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">example.com</span>
<span class="na">mydestination</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">localhost</span>
<span class="na">mynetworks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.2.0/24</span>
<span class="na">smtpd_relay_restrictions</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">permit_mynetworks permit_sasl_authenticated defer_unauth_destination</span>
<span class="na">transport_maps</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">hash:/etc/postfix/transport</span>
<span class="na">relay_domains</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">$mydestination, hash:/etc/postfix/relay</span>

<span class="c1"># Disable local system accounts and delivery:</span>
<span class="na">local_recipient_maps</span><span class="w"> </span><span class="o">=</span>
<span class="na">local_transport</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">error:local mail delivery is disabled</span>
</code></pre></div>
</details>
<p>Let's highlight some of the important parts:</p>
<ul>
<li>Avoid including <code>mail.example.com</code> in <code>mydestination</code>, in fact you can just set <code>localhost</code> or nothing at all here as we want all mail to be relayed to our <em>private server</em> (DMS).</li>
<li><code>mynetworks</code> should contain your VPN network (<em>eg: <code>192.168.2.0/24</code> subnet</em>).</li>
<li>Important are <code>transport_maps = hash:/etc/postfix/transport</code> and <code>relay_domains = $mydestination, hash:/etc/postfix/relay</code>, with their file contents covered below.</li>
<li>For good measure, also disable <code>local_recipient_maps</code>.</li>
<li>You should have a valid certificate configured for <code>mail.example.com</code>.</li>
</ul>
<div class="admonition warning">
<p class="admonition-title">Open relay</p>
<p>Please be aware that setting <code>mynetworks</code> to a public CIDR will leave you with an open relay. <strong>Only</strong> set it to the CIDR of your VPN beyond the localhost ranges.</p>
</div>
</div>
<div class="tabbed-block">
<p>When mail arrives to the <em>public server</em> for an <code>@example.com</code> address, we want to send it via the <code>relay</code> transport to our <em>private server</em> over port 25 for delivery to DMS.</p>
<p><a href="https://www.postfix.org/postconf.5.html#transport_maps"><code>transport_maps</code></a> is configured with a <a href="https://www.postfix.org/transport.5.html"><code>transport</code> table</a> file that matches recipient addresses and assigns a non-default transport. This setting has priority over <a href="https://www.postfix.org/postconf.5.html#relay_transport"><code>relay_transport</code></a>.</p>
<div class="admonition example">
<p class="admonition-title">Create <code>/etc/postfix/transport</code></p>
<div class="highlight"><pre><span></span><code>example.com relay:[192.168.2.3]:25
</code></pre></div>
<p><strong>Other considerations:</strong></p>
<ul>
<li>If you have multiple domains, you can add them here too (on separate lines).</li>
<li>If you use a smarthost add <code>* relay:[X.X.X.X]:port</code> to the bottom (eg: <code>* relay:[relay1.org]:587</code>), which will relay everything outbound via this relay host.</li>
</ul>
</div>
<div class="admonition tip">
<p class="admonition-title">Tip</p>
<p>Instead of a file, you could alternatively configure <code>main.cf</code> with <code>transport_maps = inline:{ example.com=relay:[192.168.2.3]:25 }</code></p>
</div>
</div>
<div class="tabbed-block">
<p>We want <code>example.com</code> to be relayed inbound and everything else relayed outbound.</p>
<p><a href="https://www.postfix.org/postconf.5.html#relay_domains"><code>relay_domains</code></a> is configured with a file with a list of domains that should be relayed (one per line), the 2nd value is required but can be anything.</p>
<div class="admonition example">
<p class="admonition-title">Create <code>/etc/postfix/relay</code></p>
<div class="highlight"><pre><span></span><code>example.com   OK
</code></pre></div>
</div>
<div class="admonition tip">
<p class="admonition-title">Tip</p>
<p>Instead of a file, you could alternatively configure <code>main.cf</code> with <code>relay_domains = example.com</code>.</p>
</div>
</div>
</div>
</div>
</div>
<div class="admonition note">
<p class="admonition-title">Files configured with <code>hash:</code> table type must run <code>postmap</code> to apply changes</p>
<p>Run <code>postmap /etc/postfix/transport</code> and <code>postmap /etc/postfix/relay</code> after creating or updating either of these files, this processes them into a separate file for Postfix to use.</p>
</div>
<h2 id="private-server-running-dms"><a class="toclink" href="#private-server-running-dms">Private Server (Running DMS)</a></h2>
<p>You can set up your DMS instance as you normally would.</p>
<ul>
<li>Be careful not to give it a hostname of <code>mail.example.com</code>. Instead, use <code>internal-mail.example.com</code> or something similar.</li>
<li>DKIM can be setup as usual since it considers checks whether the message body has been tampered with, which our public relay doesn't do. Set DKIM up for <code>mail.example.com</code>.</li>
</ul>
<p>Next, we need to configure our <em>private server</em> to relay all outbound mail through the <em>public server</em> (or a separate smarthost service). The setup is <a href="../../../config/advanced/mail-forwarding/relay-hosts/#technical-details">similar to the default relay setup</a>.</p>
<!-- This empty quote block is purely for a visual border -->
<div class="admonition quote">
<div class="tabbed-set tabbed-alternate" data-tabs="2:2"><input checked="checked" id="configure-the-relay-host" name="__tabbed_2" type="radio" /><input id="trust-the-public-server" name="__tabbed_2" type="radio" /><div class="tabbed-labels"><label for="configure-the-relay-host">Configure the relay host</label><label for="trust-the-public-server">Trust the <em>public server</em></label></div>
<div class="tabbed-content">
<div class="tabbed-block">
<div class="admonition example">
<p class="admonition-title">Create <code>postfix-relaymap.cf</code></p>
<div class="highlight"><pre><span></span><code>@example.com  [192.168.2.2]:25
</code></pre></div>
</div>
<p>Meaning all mail sent outbound from <code>@example.com</code> addresses will be relayed through the <em>public server</em> at that VPN IP.</p>
<p>The <em>public server</em> <code>mynetworks</code> setting from earlier trusts any mail received on port 25 from the VPN network, which is what allows the mail to be sent outbound when it'd otherwise be denied.</p>
</div>
<div class="tabbed-block">
<div class="admonition example">
<p class="admonition-title">Create <code>postfix-main.cf</code></p>
<div class="highlight"><pre><span></span><code>mynetworks = 192.168.2.0/24
</code></pre></div>
</div>
<p>This will trust any connection from the VPN network to DMS, such as from the <em>public server</em> when relaying mail over to DMS at the <em>private server</em>.</p>
<p>This step is necessary to skip some security measures that DMS normally checks for, like verifying DNS records like SPF are valid. As the mail is being relayed, those checks would fail otherwise as the IP of your <em>public server</em> would not be authorized to send mail on behalf of the sender address in mail being relayed.</p>
<details class="tip">
<summary>Alternative to <code>mynetworks</code> setting</summary>
<p>Instead of trusting connections by their IP with the <code>mynetworks</code> setting, those same security measures can be skipped for any authenticated deliveries to DMS over port 587 instead.</p>
<p>This is a bit more work. <code>mynetworks</code> on the <em>public server</em> <code>main.cf</code> Postfix config is for trusting DMS when it sends mail from the <em>private server</em>, thus you'll need to have that public Postfix service configured with a login account that DMS can use.</p>
<p>On the <em>private server</em>, DMS needs to know the credentials for that login account, that is handled with <code>postfix-sasl-password.cf</code>:</p>
<div class="highlight"><pre><span></span><code>@example.com user:secret
</code></pre></div>
<p>You could also relay mail through SendGrid, AWS SES or similar instead of the <em>public server</em> you're running to receive mail from. Login credentials for those relay services are provided via the same <code>postfix-sasl-password.cf</code> file.</p>
<hr />
<p>Likewise for the <em>public server</em> to send mail to DMS, it would need to be configured to relay mail with credentials too, removing the need for <code>mynetworks</code> on the DMS <code>postfix-main.cf</code> config.</p>
<p>The extra effort to require authentication instead of blind trust of your private subnet can be beneficial at reducing the impact of a compromised system or service on that network that wasn't expected to be permitted to send mail.</p>
</details>
</div>
</div>
</div>
</div>
<h2 id="imap-pop3"><a class="toclink" href="#imap-pop3">IMAP / POP3</a></h2>
<p>IMAP and POP3 need to point towards your <em>private server</em>, since that is where the mailboxes are located, which means you need to have a way for your MUA to connect to it.</p>


              </article>
            </div>


<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
        </div>

          <button type="button" class="md-top md-icon" data-md-component="top" hidden>

  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12Z"/></svg>
  Back to top
</button>

      </main>

        <footer class="md-footer">

  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-copyright">

    <div class="md-copyright__highlight">
      <p>&copy <a href="https://github.com/docker-mailserver"><em>Docker Mailserver Organization</em></a><br/><span>This project is licensed under the MIT license.</span></p>
    </div>


    Made with
    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
      Material for MkDocs
    </a>

</div>

    </div>
  </div>
</footer>

    </div>
    <div class="md-dialog" data-md-component="dialog">
      <div class="md-dialog__inner md-typeset"></div>
    </div>


    <script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant", "content.action.edit", "content.action.view", "content.code.annotate"], "search": "../../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>


      <script src="../../../assets/javascripts/bundle.3220b9d7.min.js"></script>


  </body>
</html>