Subject: Re: Access map question
From: Ralf Hildebrandt (news-list.postfix.usersinnominate.de)
Date: Wed Jun 28 2000 - 01:54:39 CDT


On 27 Jun 2000 22:16:54 +0200, Gary D. Margiotta <garytbe.net> wrote:
>Heya...
>
>I have a box running a small distribution mailing list. The client wants
>the box locked down so that only someone on the actual box itself can send
>mail to the list, and not allow anyone to reply to a message and have it
>get sent to the list, i.e. as in an out-of-office autoreply, or anything
>of that matter.

You're using the wrong approach. Why don't you use a real mailing list
manager program like Mailman or majordomo, which does implement the security
features you desire?

>I'm assuming that using the access list I should be able to do this in the
>following way:
>
>user1@client.box.com PERMIT
>user2@client.box.com PERMIT
>client.box.com PERMIT
>all.other.people.com REJECT
>
>The question I have is this:
>
>a) will this have the desired effect, and
>b) how does one specify the rest of the world?
>
>I was reading the access man page, and it showed how to block a
>destination domain, address, or partial network, not the rest of the
>world. Or maybe I'm misreading the variables.

If you explicitly say:

user1@client.box.com OK
user2@client.box.com OK
client.box.com OK

and in main.cf somewhere in the UCE restrictions you say:

check_sender_access hash:/etc/postfix/the_above_map
reject

then the reject takes care of all other senders (first match wins).

-- 
Ralf.Hildebrandtinnominate.de
                                                          innominate AG
                                                      networking people
fon: +49.30.308806-44 fax: -77  web: http://innominate.de  pgp: /pgp/rh
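
The evaluation described in the reply above, as an added example that is not part of the original message or of Postfix itself: a simplified Python model of a `check_sender_access` map followed by a bare `reject`. The map contents are constructed sample data, and the function names `lookup_keys`, `check_sender_access` and `evaluate` are hypothetical.

```python
# Added example: simplified model of the restriction list described above.
# ACCESS_MAP is constructed sample data mirroring the map in the message.
ACCESS_MAP = {
    "user1@client.box.com": "OK",
    "user2@client.box.com": "OK",
    "client.box.com": "OK",
}


def lookup_keys(sender):
    """Yield access-map keys in the order access(5) documents for addresses.

    Assumes a fully qualified sender and the default subdomain matching
    (a bare domain entry also matches its subdomains).
    """
    sender = sender.lower()
    if not sender:
        yield "<>"  # default smtpd_null_access_lookup_key for the null sender
        return
    local, _, domain = sender.rpartition("@")
    yield sender
    labels = domain.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])
    yield local + "@"


def check_sender_access(sender, table):
    """Return the first matching map action, or DUNNO when nothing matches."""
    for key in lookup_keys(sender):
        if key in table:
            return table[key]
    return "DUNNO"


def evaluate(sender, table=ACCESS_MAP):
    """Walk the restrictions in order; the first decisive result wins."""
    restrictions = (
        lambda s: check_sender_access(s, table),
        lambda s: "REJECT",  # the bare "reject" that follows the map
    )
    for restriction in restrictions:
        result = restriction(sender)
        if result != "DUNNO":
            return result
    return "DUNNO"


if __name__ == "__main__":
    for s in ("user1@client.box.com", "someone@all.other.people.com", ""):
        print(repr(s), "->", evaluate(s))
```

The map is keyed on the envelope sender, which the connecting client supplies, so the check filters on a claimed address rather than an authenticated one. The `client.box.com OK` entry already covers every sender in that domain, which makes the two per-user lines redundant.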