Address masquerading in Postfix.

Address masquerading refers to the idea that you can hide the names of internal hosts, and make all addresses appear as if they originated from the gateway system itself. You may have internal systems that use your Postfix server as a gateway. When mail is sent from these systems and the sender addresses include the fully qualified hostname, you may want addresses to appear with the domain name only. The masquerade_domains parameter strips hostnames down to their simpler domain names.

The parameter takes a list of domains. Any address whose fully qualified hostname matches the domain portion is stripped down to just the domain name:

root# vim /etc/postfix/main.cf

masquerade_domains = domain.com

Addresses that look like user1@srv1.domain.com and user2@srv2.domain.com are converted to user1@domain.com and user2@example.com.

You can list multiple domains and subdomains. Postfix processes addresses against masquerade domain names in the order you list them. Consider a network that includes the two subdomains, acct.example.com and hr.example.com. You want addresses from these domains to show the subdomain, but you want addresses from any other domain or host in the network to show the parent domain. Set masquerade_domains as follows:

masquerade_domains = srv.domain.com srv1.domain.com domian.com

With this setting, the address user1@hades.srv.domain.com matches srv.domain.com, so that it becomes user1@srv.domain.com.
The address user2@prod.srv1.domain.com matches srv1.domain.com, and becomes user2@srv1.domain.com. Finally, user3@srv1.domain.com matches the last value, domain.com, to become user3@domain.com.

If you want to preserve a domain name that would otherwise be stripped down, you can preface the domain with an exclamation point:

masquerade_domains = !srv2.domain.com, domain.com

In this case, the domain srv2.domain.com will not be rewritten, so the address user10@srv2.domain.com stays as it is.

You can exclude specific account names from masquerading. For example, if you want an address like root@srv10_prod.example.com to stay intact, add the account to the masquerade_exceptions parameter:

masquerade_exceptions = admin, root

And then:

root# /etc/init.d/./postfix restart

Leave a Reply

Your email address will not be published. Required fields are marked *

*