Re: restrict access

From: /dev/rob0 (rob0gmx.co.uk)
Date: Mon Nov 14 2005 - 09:59:11 CST


On Monday 2005-November-14 09:04, Grant Carmichael wrote:
> Can someone tell me how to place restrictions on postfix, so that
> user1@domain.com is the only email account that can send email to
> everyone@domain.com. I've seen this page, but I don't think it's what
> I need...???
>
> http://www.postfix.org/RESTRICTION_CLASS_README.html

Yes, it is. But there are things to consider.

First, can other users send using the sendmail(1) interface? If so,
anything they send that way is not subject to smtpd(8) restrictions.

Second, anyone could set up their MUA to send as user1. To secure a
scheme like this you would have to force SMTP authentication and use
reject_sender_login_mismatch and related settings. permit_mynetworks
should not be in your smtpd_recipient_restrictions, or $mynetworks
should be restrictive enough to prevent unauthenticated relaying.

After these considerations you need a check_recipient_access lookup of
your target address, calling a restriction class which does a lookup of
check_sender_access for your permitted sender. Since you probably do
not own domain.com I will use example.com:

everyone_access:
everyone@example.com check_user1

user1_access:
user1@example.com OK

main.cf:
[ ... ]
smtpd_restriction_classes = check_user1
# plus others as desired
smtpd_recipient_restrictions = [ ... ]
    check_recipient_access hash:$config_directory/everyone_access
check_user1 = check_sender_access hash:$config_directory/user1_access,
    reject

I've omitted a few details, but I hope you can fill those in given the
foregoing and reference to the documentation.
--
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
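
Added example, not part of the original message and not Postfix code: a simplified Python model of how smtpd walks the restriction lists above, showing that the two maps alone accept a forged user1 sender and that permit_mynetworks ahead of the lookup bypasses it. The SENDER_LOGIN table (standing in for smtpd_sender_login_maps), the user2 account and the policy names are assumptions for illustration.

```python
# Simplified model of smtpd restriction evaluation (not Postfix code).
# Each restriction returns "OK", "REJECT" or "DUNNO"; the first non-DUNNO
# result decides. Relay control and the other restriction lists are left out.
EVERYONE_ACCESS = {"everyone@example.com": "check_user1"}   # from the reply
USER1_ACCESS = {"user1@example.com": "OK"}                  # from the reply
# Assumed smtpd_sender_login_maps content (constructed): address -> SASL login
SENDER_LOGIN = {"user1@example.com": "user1", "user2@example.com": "user2"}

def evaluate(restrictions, ctx):
    for restriction in restrictions:
        result = restriction(ctx)
        if result != "DUNNO":
            return result
    return "DUNNO"

def lookup(table, key, ctx):
    """Access-map lookup; a result naming a restriction class expands to it."""
    action = table.get(key.lower(), "DUNNO")
    return evaluate(CLASSES[action], ctx) if action in CLASSES else action

def permit_mynetworks(ctx):
    return "OK" if ctx["in_mynetworks"] else "DUNNO"

def reject(ctx):
    return "REJECT"

def reject_sender_login_mismatch(ctx):
    # MAIL FROM must belong to the authenticated login; addresses with no
    # owner pass only for unauthenticated (e.g. inbound) clients.
    owner = SENDER_LOGIN.get(ctx["sender"].lower())
    return "DUNNO" if owner == ctx["sasl_login"] else "REJECT"

def check_sender_user1(ctx):
    return lookup(USER1_ACCESS, ctx["sender"], ctx)

def check_recipient_everyone(ctx):
    return lookup(EVERYONE_ACCESS, ctx["recipient"], ctx)

CLASSES = {"check_user1": [check_sender_user1, reject]}

MAPS_ONLY = [check_recipient_everyone]
MYNETWORKS_FIRST = [permit_mynetworks, check_recipient_everyone]
AUTH_BOUND = [reject_sender_login_mismatch, check_recipient_everyone]

def decide(policy, sender, recipient, sasl_login=None, in_mynetworks=False):
    ctx = {"sender": sender, "recipient": recipient,
           "sasl_login": sasl_login, "in_mynetworks": in_mynetworks}
    # Reaching the end of the list without a REJECT means the mail is accepted.
    return "reject" if evaluate(policy, ctx) == "REJECT" else "accept"
```

Only AUTH_BOUND ties the envelope sender to the login that authenticated, which is the condition the reply sets for the scheme to hold.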