From: Alessio Fiore (afiore@alteanet.it)
Date: Wed Jan 23 2002 - 03:20:15 CST


    You are right, but I can't use your solution because using it my local
    uncensored users couldn't receive mail from the whole Internet...
    Let's see all cases:

    From | To | Allowed
    -------------------
    ext | ext | N
    ext | unc | Y
    ext | cen | N
    unc | ext | Y
    unc | unc | Y
    unc | cen | Y
    cen | ext | N
    cen | unc | Y
    cen | cen | Y
    -------------------

    ext = external user
    unc = uncensored local user
    cen = censored local user

    Your solution works fine, with the exception of the "ext -> unc" case, which
    must be allowed but is rejected by the "smtpd_sender_restrictions" you
    suggested, because I can't list *all Internet email addresses* in my
    check_uncensored map...

    My solution manages this case by rejecting all non-local senders with a
    regexp, *after* accepting all other cases (have a close look at the
    smtpd_recipient_restrictions "pipe", checking the 9 cases listed one after
    another by walking through the pipe...).

    BTW I think local users will cooperate, since it's a miracle if they just know
    how to send a mail... how can they forge sender envelopes? :-)
    I think I'll try to integrate my solution with yours, to try to avoid the
    problems you warned me about.

    Thank you
    Alessio

    -----Original Message-----
    From: Victor.Duchovni@MorganStanley.com
    [mailto:Victor.Duchovni@MorganStanley.com]
    Sent: Wednesday, 23 January 2002 6:28
    To: Alessio Fiore
    Cc: postfix-users@postfix.org
    Subject: Re: Relaying allowed for a limited group of users: it works!

    Try again, you are an open relay for mail with a forged envelope sender of
    an internal user who is authorized to send to the Internet. Never put OK
    entries based only on the sender address in smtpd_recipient_restrictions.
    You will need recursive restrictions to do this with just one Postfix
    instance (separate Postfix instances for inbound/outbound mail solve
    this problem more cleanly IMHO), try:

    /etc/postfix/main.cf:

            smtpd_restriction_classes = check_mynetworks

            # Only permit trusted clients (to use local sender addresses)
            #
            check_mynetworks = permit_mynetworks, reject

            # Verify possible authorized sender forgery:
            # For each uncensored user recurse via check_mynetworks.
            #
            # Key            Value
            # -----------    ------------------
            # user@domain    check_mynetworks
            #
            smtpd_sender_restrictions =
                    check_sender_access hash:/etc/postfix/check_uncensored

            # Permit all mail to open recipients (user@domain -> OK)
            # Permit all mail from verified open senders (user@domain -> OK)
            # Block non-local recipients.
            # Permit local senders (by IP not domain).
            # Block everything.
            #
            smtpd_recipient_restrictions =
                    ...
                    check_sender_access hash:/etc/postfix/uncensored,
                    check_recipient_access hash:/etc/postfix/uncensored,
                    reject_unauth_destination,
                    permit_mynetworks,
                    reject

    /etc/postfix/uncensored:

            user1@domain OK
            user2@domain OK
            ...

    /etc/postfix/check_uncensored:

            user1@domain check_mynetworks
            user2@domain check_mynetworks
            ...

    -- 
    	Viktor.
    

    P.S. This assumes that local users cooperate and do not forge sender envelopes. If this is a problem you will need SASL (which is non-trivial to deploy).

    On Mon, 21 Jan 2002, Alessio Fiore wrote:

    > Hi all,
    >
    > a few days ago I posted a relaying configuration problem that I solved
    > today, so I want to post the solution I found... it could be useful for
    > someone else...
    >
    > The problem was: A single host, with Postfix, manages a domain's mail (ex:
    > foo.com). Each user can send/receive mail to/from other local users
    > (xyz@foo.com) without limitations, but only a limited group of users can
    > send/receive mail to/from the whole Internet.
    > The solution I found was:
    >
    > 1) Edit the access map file "access_external" with the following lines:
    >
    > allowed_user1 OK
    > allowed_user2 OK
    > ...
    > allowed_usern OK
    >
    > 2) Edit the regexp file "reject_nonlocal.regexp" with the following line:
    >
    > /^(.*)@(.*)$/!/^(.*)@(.*)(\.)?foo\.com$/ REJECT
    >
    > 3) Set the smtpd_recipient_restrictions parameter in main.cf as follows:
    >
    > smtpd_recipient_restrictions = reject_non_fqdn_sender,
    >         reject_non_fqdn_recipient,
    >         reject_unknown_sender_domain,
    >         reject_unknown_recipient_domain,
    >         check_recipient_access hash:/etc/postfix/access_external,
    >         check_sender_access regexp:/etc/postfix/reject_nonlocal.regexp,
    >         permit_auth_destination,
    >         check_sender_access hash:/etc/postfix/access_external,
    >         reject
    >
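As an added example (not code from this thread), here is a small Python model of how Postfix walks its restriction lists, loaded with the recursive check_mynetworks class from Victor's configuration and with the single recipient list from Alessio's original post, so the forged-sender case Victor describes and the cases in the table above can be checked offline. The local domain foo.com, the mynetworks range 192.0.2.0/24, the client addresses and the user names are constructed, and the DNS-dependent reject_non_fqdn/reject_unknown checks are omitted.

```python
from ipaddress import ip_address, ip_network

# Constructed values: local domain, trusted client networks, uncensored users (the user1@domain entries).
LOCAL_DOMAIN = "foo.com"
MYNETWORKS = [ip_network("192.0.2.0/24")]
UNCENSORED = {"alice@foo.com", "bob@foo.com"}
# Access maps as Postfix reads them from hash:/etc/postfix/<name>; access_external is Alessio's map.
TABLES = {
    "uncensored": {u: "OK" for u in UNCENSORED},
    "check_uncensored": {u: "check_mynetworks" for u in UNCENSORED},
    "access_external": {u: "OK" for u in UNCENSORED},
}
# smtpd_restriction_classes: a map value naming a class recurses into that class's list.
CLASSES = {"check_mynetworks": ["permit_mynetworks", "reject"]}
is_local = lambda addr: addr.endswith("@" + LOCAL_DOMAIN)

def evaluate(restrictions, client_ip, sender, recipient):
    """Walk one restriction list; return 'OK', 'REJECT' or 'DUNNO' (list exhausted)."""
    for r in restrictions:
        verdict = "DUNNO"
        if r == "permit_mynetworks" and any(ip_address(client_ip) in n for n in MYNETWORKS):
            verdict = "OK"
        elif r == "reject":
            verdict = "REJECT"
        elif r == "reject_unauth_destination" and not is_local(recipient):
            verdict = "REJECT"
        elif r == "permit_auth_destination" and is_local(recipient):
            verdict = "OK"
        elif r == "reject_nonlocal_sender" and not is_local(sender):
            verdict = "REJECT"  # approximates Alessio's reject_nonlocal.regexp table
        elif r.startswith("check_"):  # "check_sender_access:<table>" or "check_recipient_access:<table>"
            kind, table = r.split(":")
            key = sender if kind == "check_sender_access" else recipient
            action = TABLES[table].get(key, "DUNNO")
            verdict = evaluate(CLASSES[action], client_ip, sender, recipient) if action in CLASSES else action
        if verdict != "DUNNO":
            return verdict
    return "DUNNO"

def decide(stages, client_ip, sender, recipient):
    """OK ends only its own list, REJECT ends everything; Postfix permits once every list is done."""
    for stage in stages:
        if evaluate(stage, client_ip, sender, recipient) == "REJECT":
            return "REJECT"
    return "OK"

# Victor's smtpd_sender_restrictions then smtpd_recipient_restrictions; Alessio's single list.
VICTOR = [["check_sender_access:check_uncensored"],
          ["check_sender_access:uncensored", "check_recipient_access:uncensored",
           "reject_unauth_destination", "permit_mynetworks", "reject"]]
ALESSIO = [["check_recipient_access:access_external", "reject_nonlocal_sender",
            "permit_auth_destination", "check_sender_access:access_external", "reject"]]
```

With an untrusted client (203.0.113.9) and the forged sender alice@foo.com to an Internet recipient, decide(ALESSIO, ...) returns OK (the relay Victor warns about) while decide(VICTOR, ...) returns REJECT because check_mynetworks recurses to permit_mynetworks and then reject.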
