OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Natali Giuliano (diaolindiaolin.com)
Date: Sun Feb 18 2001 - 10:03:17 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Il 15:47, domenica 18 febbraio 2001, Michael Tokarev ha scritto:
    > "Diaolin (Natali Giuliano)" wrote:
    > >
    > > I have a problem discussed even into the FAQ:
    > > i have 80 users on my postfix server but i will that :
    > > user1 and user2 allowed to send messages only locally
    > > the other everywhere.
    > > The FAQ explains this with the
    > > ---------------
    > > /etc/postfix/main.cf:
    > > smtpd_recipient_restrictions =
    > > hash:/etc/postfix/restricted_senders
    > > .other stuff... ?????? this is required by postfix but wat

    shoul i
    > > use?
    > Use usual anti-relay settings - defaults will be sufficient for beginning.
    >
    > >
    > > smtpd_restriction_classes = local_only
    > > local_only = check_sender_access hash:/etc/postfix/local_domains,
    > ^^^^^^
    > I suspect that you mean check_RECIPIENT_access here (but in lowercase).
    >
    > > reject
    > >
    > > /etc/postfix/restricted_senders:
    > > foodomain local_only
    > > bardomain local_only
    > >
    > > /etc/postfix/local_domains:
    > > this.domain OK (matches this.domain and subdomains)
    > > that.domain OK (matches that.domain and subdomains)
    > > ------------------------------
    > > I'm confused.................
    > > What i'm missing???
    > >
    > > Tx, Diaolin
    > > P.S:why smtpd_recipient_restriction and not smtpd_sender_restrictions?????
    >
    > Because you want to restrict sender+recipient combination, and need an
    > info about both sender and recipient.
    > []
    > listed in his .forward-some file. (assuming that you have appropriate
    > recipient_delimiter and forward_path that are sometimes very useful for
    > other purposes).
    >
    > As a conclusion: Basically you can't place such restrictions easily..

    Of course, this was even my solution but i need to restrict to my users the
    mail gateway, they haven't any login possiblity and therefore they cannot
    create any .forward.
    With ipchains i stop all the traffic inside->outside and they cannot send any
    mail via http due to the restriction of accessing web sites everywhere.
    I wish that this is a poor solution but if i apply this rules with
    check_recipient_access do you think that it works????????
    I mean, it works for that it can work of course.............
    Diaolin 

    -- 
- Caro... dopo che saremo sposati dividerņ con te i tuoi guai!
- Ma io non ho guai...
- Ho detto dopo....