How to Disable Local Mail Delivery for Specific Domains in Postfix (Google Apps Backup Server Configuration)


1 views

When setting up a Postfix server as a backup MX for Google Workspace (formerly G Suite), you typically want to prevent local delivery for your primary domains. The mail server should only act as a temporary storage until the primary Google servers become available again, not as a final destination.

There are several methods to prevent local delivery in Postfix. The most effective ones include:

# Method 1: Using transport_maps
# /etc/postfix/transport
example.com       :
.example.com      :
backup.example.com :

# Then run:
postmap /etc/postfix/transport
postfix reload

Here's a full configuration example for a Google Apps backup server:

# /etc/postfix/main.cf additions:
mydestination = localhost.localdomain, localhost
local_recipient_maps =
relay_domains = example.com, backup.example.com
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/transport content:
example.com       smtp:[aspmx.l.google.com]
backup.example.com smtp:[alt1.aspmx.l.google.com]

After making these changes, test your configuration:

postmap -q example.com hash:/etc/postfix/transport
postconf -n | grep transport_maps

Send test emails to verify they're being relayed to Google servers rather than delivered locally.

For more granular control, you can use recipient restrictions:

# /etc/postfix/main.cf
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/recipient_access,
    permit_mynetworks,
    reject_unauth_destination

# /etc/postfix/recipient_access
@example.com     REJECT
@subdomain.example.com REJECT

Watch out for these issues:

  • Forgetting to run postmap after changing map files
  • Not including all subdomains in your restrictions
  • Overlooking cached DNS lookups

When running a Postfix server as a backup for Google Apps, you might want to prevent local delivery for certain domains. This ensures emails are only relayed to their final destination (like Google's servers) rather than being stored locally.

Postfix handles mail delivery through several components:

main.cf:
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

Method 1: Exclude Domains from mydestination

The most straightforward approach is to modify your main.cf:

# Remove unwanted domains from mydestination
mydestination = $myhostname, localhost.$mydomain, localhost

# Alternative for modern Postfix versions
mydestination = localhost.$mydomain, localhost

Method 2: Using transport_maps

For more granular control:

# In main.cf
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/transport content:
example.com  smtp:[smtp.google.com]:587
.example.com smtp:[smtp.google.com]:587
*            local:

Then compile the map:

postmap /etc/postfix/transport
systemctl reload postfix

Method 3: Recipient Restrictions

Block specific domains from local delivery:

smtpd_recipient_restrictions =
    reject_unauth_destination
    check_recipient_access hash:/etc/postfix/recipient_deny
    permit_mynetworks
    permit_sasl_authenticated
    reject

Always verify changes:

postconf -n | grep mydestination
postmap -q example.com hash:/etc/postfix/transport
sendmail -bv user@example.com
  • Check mail logs: tail -f /var/log/mail.log
  • Test SMTP: telnet localhost 25
  • Verify queue: mailq

When dealing with high-volume mail servers:

  • Use hash or lmdb maps for better performance
  • Consider implementing rate limiting for security
  • Monitor disk I/O for mail queue operations