Setting Up Simple and Wildcard Email Forwarding
When a business migrates its mail system to SME Server, the first thing most administrators notice is how many routine tasks are handled automatically. Forwarding emails from legacy addresses to new ones is one such task, and the process is surprisingly straightforward once you understand the interface and the underlying Postfix mechanics. In this section, we’ll walk through creating both a single‑address alias and a wildcard alias that captures an entire domain.
Begin by logging into the SME Server web console with a user account that has administrative privileges. From the left‑hand menu, choose “Mail” and then “Aliases.” The alias screen displays a table of existing entries, each with a source address and one or more destinations. To add a new entry, click the “Add” button.
For a standard forward, enter the local part of the old email address in the “Local part” field. The domain field is usually auto‑filled with the system’s default domain, but you can override it if the old address belongs to a different domain that still exists in the system. In the “Target” field, type the new email address or a comma‑separated list of addresses if you need to deliver a copy to several recipients. Once you hit “Save,” Postfix updates its virtual alias map on the fly, and the change takes effect immediately - no service restart required.
Let’s consider a scenario where the company moved its entire support email from support.oldcompany.com to helpdesk@newcompany.com. A single alias can handle that migration, but you might also want a copy of each support ticket to land in a shared inbox for archiving. To achieve this, create two alias entries: one that forwards to helpdesk@newcompany.com and another that forwards to support_archive@newcompany.com. Because SME Server preserves the original envelope data, the original message remains in the sender’s mailbox unless you explicitly configure a copy rule.
Wildcard forwarding is useful when you want to route all traffic from a domain to a single mailbox - for example, consolidating a temporary “info@oldcompany.com” address. To set this up, add an alias where the local part is a single asterisk (*) and the target is the chosen mailbox, such as info_archive@newcompany.com. SME Server translates this into a Postfix virtual alias that matches any address ending with @oldcompany.com and redirects it accordingly. Always double‑check that no critical accounts are left behind; a mis‑configured wildcard could divert a sales inbox to the wrong destination.
External domains pose a subtle challenge. If you forward to a recipient outside the local domain, Postfix treats the destination as an external address. By default, SME Server blocks unknown external domains to prevent abuse. To allow forwarding to a trusted domain - such as gmail.com or office365.com - navigate to “Mail” → “Settings” and add the domain to the “Allowed External Domains” list. Without this step, the forward will silently fail, and you’ll see “relay=error” entries in /var/log/maillog.
Rate limits can surface when forwarding to services that impose strict per‑minute quotas. Gmail, for instance, may reject bulk forwards. A common workaround is to split the rule: create an alias that forwards to the external address, and another alias that retains a copy in a local mailbox. You can do this by using the “+copy” address convention: sendto@newcompany.com and sendto+copy@newcompany.com. The second address holds a copy, while the first sends the message outward. SME Server will apply each alias independently, ensuring that the external mailbox receives the email without hitting a quota ceiling.
After setting up your aliases, use the “Mail > Test” feature to confirm delivery. Compose a test email to each alias and check the recipient’s inbox. If a message fails to arrive, consult the Postfix logs. Search for the message ID and look for lines tagged with “relay=error” or “unknown domain.” These clues usually point to DNS problems or mis‑typed alias entries. Fix the underlying issue, and the forwarding should work instantly.
SME Server also supports dynamic rules via Postfix header checks. If you need to drop or redirect messages based on content - such as discarding spam or forwarding newsletters - edit the header checks file. Open “Mail” → “Settings” → “Postfix Configuration” and add a reference to /etc/postfix/header_checks. Create that file and include rules like:/^Subject: .*URGENT/
DISCARD
This rule silences any mail containing “URGENT” in the subject line. While not a forward, it demonstrates Postfix’s flexibility for custom routing logic.
Finally, maintain a clear record of all alias configurations. A spreadsheet listing alias names, destinations, and the purpose behind each one simplifies troubleshooting and future audits. As forwarding logic grows, a documented map prevents accidental misdelivery and keeps the system transparent for anyone who needs to review it.
Creating and Managing Mailing Lists with SME Server’s Built‑In Manager
Team communication often relies on mailing lists that send a single message to multiple recipients. SME Server’s integrated list manager eliminates the need for third‑party services while still offering core features like moderation, retention, and nested lists. The process starts by navigating to “Mail” → “Lists” and selecting “Create New List.”
During creation, you provide a list name (e.g., engineering), a short description, and designate a primary owner. The owner controls membership, moderates content, and can lock the list to new subscribers. Once the list is saved, SME Server provisions a mailbox and a unique email address - engineering@yourdomain.com. Any message sent to this address is automatically distributed to every subscribed member.
By default, the list is open to self‑subscription. Members can join by emailing subscribe@engineering@yourdomain.com, and the owner receives a confirmation email. If you prefer tighter control, the owner can lock the list in the settings, requiring explicit invitation for each new subscriber.
Adding members manually is a one‑click task. Open the list’s “Members” tab, click “Add Member,” and fill in the user’s email. For larger teams, the interface supports bulk uploads via CSV. Prepare a file with a single column of email addresses, then import it. SME Server assigns each address a status - active, pending, or unsubscribed. This status system is handy for contractors who need temporary access; when their contract ends, change their status to unsubscribed to halt mail delivery without deleting the record.
Moderation settings provide control over content flow. In the “Moderation” section, you can choose to approve every message before it reaches the list. This feature is useful for newsletters or policy announcements where accuracy matters. If you want a balanced approach, enable moderation only for new subscribers, allowing the owner to vet new members before they receive the full mailing stream.
Retention settings keep the list mailbox from growing endlessly. In the “Retention” tab, set a threshold - for instance, keep the last 30 days of messages. SME Server automatically deletes older mail, preventing storage bloat. If regulatory compliance requires permanent record‑keeping, enable the “Archive” option. This copies each message to an external storage location after retention time elapses, ensuring an immutable audit trail while keeping the live mailbox lean.
Nested lists or aliases allow you to send a single message to multiple sub‑groups. Suppose you maintain a company‑wide list, but also want a subset of employees to receive development updates. Create a secondary list, such as dev@yourdomain.com, then configure an alias in the primary list that maps company@yourdomain.com to dev@yourdomain.com. Messages sent to the main address will flow to both the full list and the subset, giving you a streamlined way to target specific audiences.
Integrating with standard email clients is effortless. When a new member joins, the list manager sends a welcome email that includes the list’s address and any subscription instructions. Members can then use any IMAP‑capable client to send or receive messages. If you desire advanced features - such as HTML digests, scheduled newsletters, or web‑based archives - you can install a lightweight tool like Mailman on the same server. Mailman plugs into SME Server’s list mailbox and offers a rich web interface for subscribers.
Security considerations are built into the list manager. In the list settings, enable DKIM signing and SPF checks for outgoing mail. DKIM signs each message with a cryptographic signature that recipients can verify against your domain’s public key, reducing spoofing risk. SPF checks confirm that only your server’s IP addresses are authorized to send on behalf of the list. These measures are essential for protecting your brand and maintaining deliverability.
Ownership does not have to remain with a single user. If the primary owner is unavailable, you can assign additional moderators from the “Members” tab. Moderators receive a copy of each message that requires approval and can approve or reject it with a single click. This delegation model keeps the list operational during staff absences or role changes.
With these tools, SME Server transforms into a robust group communication hub. Whether you need a simple distribution list or a tightly moderated newsletter, the built‑in manager handles it with minimal overhead. By carefully configuring ownership, moderation, and retention, you ensure that teams stay aligned while keeping the mailbox under control and compliant with any data‑retention policies.
Fine‑Tuning Routing, Filters, and Troubleshooting in Postfix
SME Server’s Postfix setup is intentionally lightweight, yet it offers a full suite of tuning options for seasoned administrators. Mastering these settings can drastically improve reliability, reduce spam, and provide a clear audit trail for every message that passes through the server.
Start by inspecting the mail log, typically located at /var/log/maillog. A typical log entry for a received message looks like:Mar 23 12:03:17 smeserver postfix/smtpd[12345]: 1A2B3C4D5E: client=mail.example.com[203.0.113.42]
The message ID (1A2B3C4D5E) is a key that lets you trace the entire journey. Look for subsequent lines that include “status=deferred” or “status=bounced.” The accompanying reason - such as “host not found” or “mailbox full” - pinpoints whether the issue lies in DNS, SMTP connectivity, or mailbox limits.
When a bounce occurs, verify the MX records for the destination domain. Run dig +short MX yourdomain.com and ensure that the returned hosts are reachable and not on a blacklist. If the MX points to an external provider like Gmail, you may need to adjust the “Relay Restrictions” in Postfix. Navigate to “Mail” → “Settings” → “Postfix” and add an entry to check_sender_access hash:/etc/postfix/relay_access. Populate /etc/postfix/relay_access with lines such as:smtp.gmail.com OK
After running postmap /etc/postfix/relay_access and restarting Postfix, the server can forward messages to Gmail’s inbound servers without triggering “unauthenticated destination” errors.
Transport maps give you granular control over where specific addresses or domains should be delivered. For instance, to route all mail for sales@yourdomain.com to SendGrid, create /etc/postfix/transport with:sales@yourdomain.com sendgrid-smtp:587
Run postmap /etc/postfix/transport and restart Postfix. Now every message to sales@yourdomain.com bypasses the default MX lookup and goes directly to SendGrid’s SMTP on port 587. Transport maps are useful for load balancing, regional routing, or ensuring high‑volume accounts use dedicated relays.
Inbound filtering can be achieved with header_checks and body_checks. To block messages containing the word “password” in the body, add a line to /etc/postfix/body_checks like:/password/
FILTER smtp:[127.0.0.1]
This effectively drops the message by redirecting it to a loopback address that performs no action. You can also use DISCARD or REDIRECT for other outcomes. These checks run after the SMTP transaction, making them powerful tools for enforcing corporate policy.
Spam mitigation is essential. Integrate SpamAssassin by adding to /etc/postfix/main.cf:
Configure SpamAssassin to listen on 10024, then set a threshold in /etc/spamassassin/local.cf such as:required_score 5.0
Messages scoring above 5.0 will receive a spam_flag header. To reject spam outright, employ a policy service. Create /etc/postfix/policy with:smtp [127.0.0.1] check_policy_service unix:private/policy
and run a simple daemon that returns “550 Spam detected” for high‑score messages. This approach keeps spam out of users’ inboxes and conserves storage.
Mailbox size limits can cause “mailbox full” errors. SME Server allows you to set a global recipient limit under “Mail” → “Settings” → “Postfix.” If a specific user needs more space, adjust their quota with quota -u user or edit /etc/postfix/main.cf and set:mailbox_limit = 200000
Testing changes is critical. Send a test email with sendmail -v recipient@yourdomain.com and monitor /var/log/maillog in real time. Automated scripts, such as Postfix test harnesses, can run a series of simulated deliveries to ensure that your configuration holds up during upgrades.
Document every tweak. Keep a change log that describes the purpose, the file modified, and the expected effect. When troubleshooting recurring issues, consider configuring rsyslog to forward “status=bounced” entries to an admin email. This proactive alerting catches delivery problems before they affect users.
By combining log analysis, transport maps, and policy checks, you can elevate SME Server’s mail subsystem from a basic relay to a reliable, secure, and compliant platform. The resulting configuration protects the business from spam, ensures proper routing, and provides a transparent audit trail - all without the complexity of a multi‑tenant mail service.
No comments yet. Be the first to comment!