Re: not allowing a local user sending an outgoing email, if he's using a determined address.

From: Peter H. Coffin (hellsopninehells.com)
Date: Wed Oct 01 2003 - 23:17:56 CDT


On Wed, Oct 01, 2003 at 12:31:42PM -0300, Rodrigo Gruppelli wrote:
> What I want to do is not allow a local user to send an outgoing email
> (to the Internet), if he's using a specific domain address.
>
> My domain, let's say, is myenterprise.com. I want postfix to
> deny the relay for the local user if he sends an email with the
> prototype user@myenterprise.com, but to allow it if he changes that on
> his damn outlook express, i.e. to user@hotmail.com
>
> The idea is to discourage my local users from sending outgoing emails with
> the "enterprise's watermark", that is, with user@myenterprise.com.
>
> Is there a way I can do that? I found nothing related in the
> documentation. The other point is not to deny the relay if the
> destination is some_other_user@myenterprise.com
>
> Overviewing:
>
> user@myenterprise.com to bgates@microsoft.com -> DENY
> user@hotmail.com to bgates@microsoft.com -> ACCEPT
> user@myenterprise.com to some_other_user@myenterprise.com -> ACCEPT

This is somewhat off the top of my head, so it may need some
experimenting to make it work correctly.

You can probably do this with restriction classes.

Add to main.cf,

smtpd_restriction_classes = force_luser_namechange
force_luser_namechange = reject_unauth_destination

then in the smtpd_recipient_restrictions *above* any permit_mynetworks
or SASL permits, put

  check_sender_access hash:/etc/postfix/force_luser_namechange.hash

and create a file /etc/postfix/force_luser_namechange.hash that contains

# senders allowed to keep the myenterprise.com address on outgoing mail
permitteduser1@myenterprise.com    DUNNO
permitteduser2@myenterprise.com    DUNNO
# everyone else at the domain falls into the restriction class
myenterprise.com                   force_luser_namechange

where permitteduser1@myenterprise.com is the email address of those that
are allowed to send mail for your enterprise's watermark.

This should mean that anyone NOT in your list of permittedusers that is
using the myenterprise.com domain must be sending to one of your domains
(the reject_unauth_destination) or the mail will be rejected.

--
Time is a great teacher, but unfortunately it kills all its pupils.
                -- Hector Berlioz
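An added model of the restriction-class setup described in the reply (not Postfix's code and not the poster's), which walks the three cases from the question through the access table using Postfix's sender-access lookup order: full address, then domain, then "localpart@". It assumes no parent-domain matching and that myenterprise.com is the only domain in mydestination/relay_domains.

```python
# Constructed model of the restriction-class approach from the reply.
# Not Postfix code; it only reproduces the decision logic for the
# smtpd_recipient_restrictions ordering the reply recommends.

# The access table from the reply, as Postfix sees it after postmap.
ACCESS_MAP = {
    "permitteduser1@myenterprise.com": "DUNNO",
    "permitteduser2@myenterprise.com": "DUNNO",
    "myenterprise.com": "force_luser_namechange",
}
RESTRICTION_CLASSES = {"force_luser_namechange": ["reject_unauth_destination"]}
# Domains this server accepts mail for (mydestination / relay_domains);
# assumption: only the enterprise's own domain.
AUTHORIZED_DOMAINS = {"myenterprise.com"}


def access_lookup(sender):
    """Access-table action for sender, or None if no key matches.
    Lookup order follows Postfix: full address, domain, then 'localpart@'
    (parent-domain matching is not modelled)."""
    local, _, domain = sender.partition("@")
    for key in (sender, domain, local + "@"):
        if key in ACCESS_MAP:
            return ACCESS_MAP[key]
    return None


def reject_unauth_destination(recipient):
    """REJECT unless the recipient domain is one we are authorised to accept."""
    rdomain = recipient.rpartition("@")[2]
    return "DUNNO" if rdomain in AUTHORIZED_DOMAINS else "REJECT"


def recipient_restrictions(sender, recipient, client_in_mynetworks=True):
    """smtpd_recipient_restrictions as laid out in the reply:
    check_sender_access, then permit_mynetworks, then reject_unauth_destination."""
    action = access_lookup(sender)
    if action in RESTRICTION_CLASSES:
        # A class value expands to its own restriction list; DUNNO means
        # "no decision here", so evaluation falls through to the next restriction.
        for name in RESTRICTION_CLASSES[action]:
            result = reject_unauth_destination(recipient) if name == "reject_unauth_destination" else "DUNNO"
            if result != "DUNNO":
                return result
    elif action not in (None, "DUNNO"):
        return action
    if client_in_mynetworks:
        return "PERMIT"  # permit_mynetworks
    result = reject_unauth_destination(recipient)
    return "PERMIT" if result == "DUNNO" else result  # end of list: implicit permit
```

Because the decision keys on the envelope sender, anything a client can type into its mail program passes this check; it enforces the naming convention, not identity.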