Loading ...
Sorry, an error occurred while loading the content.

Re: SMTP sender restriction scheme

Expand Messages
  • Bruno Puga
    http://www.apolicy.org/
    Message 1 of 10 , Jan 31, 2007
    • 0 Attachment
      http://www.apolicy.org/



      On 1/31/07, Mark Hennessy <postfix@... > wrote:
      I'm trying to set up an arrangement on a postfix server where all
      sender From: addresses (that are not in an exception list of From:
      addresses) are blocked with a 500 error if they try to send a message
      to an e-mail address at a domain that is listed as being off-limits.
      How might I do this?

      I can't do it the way that has been suggested to me in the past for
      this application (all users who are not allowed to send to a domain
      are listed in an exception list) as this would allow for unauthorized
      sending if that list of From: addresses is not created properly.

      In brief, this is what I want to set up:
      A file with a list of blocked recipient domains and the 500 error messages
      (restricted_domains).
      A file with a list of e-mail senders who can send to those domains and
      not be blocked (permitted_senders).
      All senders not in permitted_senders sending to a domain in
      restricted_domains: blocked with a 500 error message.

      Any advice in doing this would be greatly appreciated.
      Thanks!

      --
      Mark P Hennessy



    • Mark Hennessy
      ... I have read through apolicy s documentation, and I don t see really how its ACLs could be used to control the flow of e-mails originating from inside of a
      Message 2 of 10 , Jan 31, 2007
      • 0 Attachment
        On 01/31/2007, "Bruno Puga" <brpuga@...> wrote:
        >
        > http://www.apolicy.org/
        >

        I have read through apolicy's documentation, and I don't see really
        how its ACLs could be used to control the flow of e-mails originating
        from inside of a local network going out through this SMTP server
        without affecting incoming mail. Also, this mail server is accepting
        mail relayed to it by an Exchange server from inside the local
        network. All e-mail sent in not otherwise filtered or blocked by
        various anti-spam or anti-virus techniques would have to be accepted
        for relaying to that same Exchange server.

        Also, this mechanism I'm trying to put together would be for the
        purpose of preventing all but explicitly allowed e-mail senders
        identified by their "From:" e-mail address from sending to a list of
        certain domains. Universal prohibition of mail sending for certain
        domains or certain users would not achieve this goal.

        At present, the solution in use is using smtpd_restriction_classes and
        applying a set of access rules on explicitly defined users who are not
        allowed to send to certain domains. For this project, that is not
        good because if some e-mail address is not in this list of explicitly
        defined users, they may be able to send e-mail to any of the listed
        domains with impunity. In this case, it's better for someone to
        complain that they can't send an e-mail out due to being on this list
        improperly than to be able to send the e-mail when they shouldn't be
        able to.

        As an aside regarding apolicy's features, I will say though that the
        alias by time feature is interesting and if there was a way to handle
        round-robin of incoming e-mail to an alias while scanning the headers
        to watch and make sure that replies for a thread go back to the
        original round-robin recipient as well would be VERY useful in a
        helpdesk setting, IMHO.

        > On 1/31/07, Mark Hennessy <postfix@... > wrote:
        >> I'm trying to set up an arrangement on a postfix server where all
        >> sender From: addresses (that are not in an exception list of From:
        >> addresses) are blocked with a 500 error if they try to send a message
        >> to an e-mail address at a domain that is listed as being off-limits.
        >> How might I do this? I can't do it the way that has been suggested
        >> to me in the past for
        >> this application (all users who are not allowed to send to a domain
        >> are listed in an exception list) as this would allow for
        >> unauthorized sending if that list of From: addresses is not created
        >> properly.
        >>
        >> In brief, this is what I want to set up:
        >> A file with a list of blocked recipient domains and the 500 error messages
        >> (restricted_domains).
        >> A file with a list of e-mail senders who can send to those domains and
        >> not be blocked (permitted_senders).
        >> All senders not in permitted_senders sending to a domain in
        >> restricted_domains: blocked with a 500 error message. Any advice in
        >> doing this would be greatly appreciated.
        >> Thanks!
      • Noel Jones
        ... So just invert the logic. The idea is still the same. # main.cf smtpd_delay_reject = yes smtpd_restriction_classes = super_senders_only super_senders_only
        Message 3 of 10 , Jan 31, 2007
        • 0 Attachment
          At 11:32 AM 1/31/2007, Mark Hennessy wrote:
          >At present, the solution in use is using smtpd_restriction_classes and
          >applying a set of access rules on explicitly defined users who are not
          >allowed to send to certain domains. For this project, that is not
          >good because if some e-mail address is not in this list of explicitly
          >defined users, they may be able to send e-mail to any of the listed
          >domains with impunity. In this case, it's better for someone to
          >complain that they can't send an e-mail out due to being on this list
          >improperly than to be able to send the e-mail when they shouldn't be
          >able to.

          So just invert the logic. The idea is still the same.

          # main.cf
          smtpd_delay_reject = yes

          smtpd_restriction_classes = super_senders_only

          super_senders_only =
          check_sender_access hash:/etc/postfix/super_senders
          reject

          smtpd_sender_restrictions =
          check_recipient_access hash:/etc/postfix/restricted_domains

          # restricted_domains
          aol.com super_senders_only
          hotmail.com super_senders_only

          # super_senders
          TheBoss@... OK

          --
          Noel Jones
        • Mark Hennessy
          -- Original Message Begins -- ... So just invert the logic. The idea is still the same. # main.cf smtpd_delay_reject = yes smtpd_restriction_classes =
          Message 4 of 10 , Feb 2, 2007
          • 0 Attachment
            -- Original Message Begins --
            At 11:32 AM 1/31/2007, Mark Hennessy wrote:
            > At present, the solution in use is using smtpd_restriction_classes and
            > applying a set of access rules on explicitly defined users who are not
            > allowed to send to certain domains. For this project, that is not
            > good because if some e-mail address is not in this list of explicitly
            > defined users, they may be able to send e-mail to any of the listed
            > domains with impunity. In this case, it's better for someone to
            > complain that they can't send an e-mail out due to being on this list
            > improperly than to be able to send the e-mail when they shouldn't be
            > able to.

            So just invert the logic. The idea is still the same.

            # main.cf
            smtpd_delay_reject = yes

            smtpd_restriction_classes = super_senders_only

            super_senders_only =
            check_sender_access hash:/etc/postfix/super_senders
            reject

            smtpd_sender_restrictions =
            check_recipient_access hash:/etc/postfix/restricted_domains

            # restricted_domains
            aol.com super_senders_only
            hotmail.com super_senders_only

            # super_senders
            TheBoss@... OK

            --
            Noel Jones

            -- Original Message Ends --

            I just tried that change. It doesn't seem to work. I set up the following:

            in restricted_domains:
            .example.com super_senders_only
            example.com super_senders_only

            in super_senders:
            mark@bogusemailaddress OK

            And in main.cf:
            ###

            smtpd_sender_restrictions = check_recipient_access
            hash:/usr/local/postfix/etc/restricted_senders_new,
            reject_unknown_sender_domain,
            reject_non_fqdn_sender,
            hash:/usr/local/postfix/share/access,
            permit_mynetworks,
            reject_rbl_client sbl-xbl.spamhaus.org

            smtpd_delay_reject = yes
            smtpd_restriction_classes = super_senders_only
            super_senders_only =
            check_sender_access hash:/etc/postfix/super_senders
            reject

            ###

            When I send an e-mail as james@bogusemailaddress to
            mrflibble@..., the e-mail goes through.

            --
            Mark P Hennessy
          • Noel Jones
            ... The dotted form of the domain name is not required unless you have changed the default value of parent_domain_matches_subdomains. But it won t hurt
            Message 5 of 10 , Feb 2, 2007
            • 0 Attachment
              At 01:45 PM 2/2/2007, Mark Hennessy wrote:
              >I just tried that change. It doesn't seem to work. I set up the following:
              >
              >in restricted_domains:
              >.example.com super_senders_only
              >example.com super_senders_only

              The dotted form of the domain name is not required unless you have
              changed the default value of parent_domain_matches_subdomains. But
              it won't hurt anything by being there.


              >in super_senders:
              >mark@bogusemailaddress OK
              >
              >And in main.cf:
              >###
              >
              >smtpd_sender_restrictions = check_recipient_access
              >hash:/usr/local/postfix/etc/restricted_domains,
              >
              >smtpd_delay_reject = yes
              >smtpd_restriction_classes = super_senders_only
              >super_senders_only =
              > check_sender_access hash:/etc/postfix/super_senders
              > reject
              >
              >###
              >
              >When I send an e-mail as james@bogusemailaddress to
              >mrflibble@..., the e-mail goes through.

              Looks OK. Did you:
              - postmap the data files after editing them?
              - "postfix reload" after editing main.cf?
              - check "postconf -n" output to see if you and postfix agree on the
              settings used? (but note the super_senders_only class won't display
              with postconf)
              - check your logs for any warnings?
              - test using an SMTP client (not from shell command line / sendmail)?


              --
              Noel Jones
            • Mark Hennessy
              -- Original Message Begins -- ... The dotted form of the domain name is not required unless you have changed the default value of
              Message 6 of 10 , Feb 2, 2007
              • 0 Attachment
                -- Original Message Begins --
                At 01:45 PM 2/2/2007, Mark Hennessy wrote:
                > I just tried that change. It doesn't seem to work. I set up the following:
                >
                > in restricted_domains:
                > .example.com super_senders_only
                > example.com super_senders_only

                The dotted form of the domain name is not required unless you have
                changed the default value of parent_domain_matches_subdomains. But
                it won't hurt anything by being there.


                > in super_senders:
                > mark@bogusemailaddress OK
                >
                > And in main.cf:
                > ###
                >
                > smtpd_sender_restrictions = check_recipient_access
                > hash:/usr/local/postfix/etc/restricted_domains,
                >
                > smtpd_delay_reject = yes
                > smtpd_restriction_classes = super_senders_only
                > super_senders_only =
                > check_sender_access hash:/etc/postfix/super_senders
                > reject
                >
                > ###
                >
                > When I send an e-mail as james@bogusemailaddress to
                > mrflibble@..., the e-mail goes through.

                Looks OK. Did you:
                - postmap the data files after editing them?
                - "postfix reload" after editing main.cf?
                - check "postconf -n" output to see if you and postfix agree on the
                settings used? (but note the super_senders_only class won't display
                with postconf)
                - check your logs for any warnings?
                - test using an SMTP client (not from shell command line / sendmail)?


                --
                Noel Jones
                -- Original Message Ends --

                1. Yes. Both are postmapped.
                2. Yes, I reloaded postfix.
                3. Yes, postconf -n output shows the restricted_domains
                4. Yes, no warnings
                5. I was using the 'mail' program with FreeBSD logged in as a user
                that is not a
                super_sender. I just tried it from thunderbird and it didn't work, it
                failed as it should. Why would it accept it locally and not from a
                remote client?

                --
                Mark P Hennessy
              • Noel Jones
                ... You probably noticed that these are labeled as smtpd_*_restrictions in main.cf. For some obscure reason smptd_*_restrictions are only applied to mail
                Message 7 of 10 , Feb 2, 2007
                • 0 Attachment
                  At 02:42 PM 2/2/2007, Mark Hennessy wrote:
                  >5. I was using the 'mail' program with FreeBSD logged in as a user
                  >that is not a
                  >super_sender. I just tried it from thunderbird and it didn't work, it
                  >failed as it should. Why would it accept it locally and not from a
                  >remote client?

                  You probably noticed that these are labeled as smtpd_*_restrictions in main.cf.
                  For some obscure reason smptd_*_restrictions are only applied to mail
                  handled by smtpd.

                  --
                  Noel Jones
                • Wietse Venema
                  ... Because smtpd_sender_restrictions etc. apply only to mail that arrives via the SMTP port. Postfix has no equivalent sender restriction mechanism for local
                  Message 8 of 10 , Feb 2, 2007
                  • 0 Attachment
                    Mark Hennessy:
                    > At 01:45 PM 2/2/2007, Mark Hennessy wrote:
                    > > I just tried that change. It doesn't seem to work. I set up the following:
                    > >
                    > > in restricted_domains:
                    > > .example.com super_senders_only
                    > > example.com super_senders_only
                    >
                    > The dotted form of the domain name is not required unless you have
                    > changed the default value of parent_domain_matches_subdomains. But
                    > it won't hurt anything by being there.
                    >
                    >
                    > > in super_senders:
                    > > mark@bogusemailaddress OK
                    > >
                    > > And in main.cf:
                    > > ###
                    > >
                    > > smtpd_sender_restrictions = check_recipient_access
                    > > hash:/usr/local/postfix/etc/restricted_domains,

                    > 5. I was using the 'mail' program with FreeBSD logged in as a user
                    > that is not a
                    > super_sender. I just tried it from thunderbird and it didn't work, it
                    > failed as it should. Why would it accept it locally and not from a
                    > remote client?

                    Because smtpd_sender_restrictions etc. apply only to mail that
                    arrives via the SMTP port.

                    Postfix has no equivalent sender restriction mechanism for local
                    submission via the Postfix sendmail command. For that I would have
                    to change Postfix so that even local submissions use the SMTP port
                    (just like Eric Allman Sendmail does). This simplifies some things
                    (Milter) but complicates other things (how Postfix picks up local
                    mail).

                    Wietse
                  • Mark Hennessy
                    ... Thank you for that explanation, and thank you both for helping me so much to get this project to work. -- Mark P Hennessy
                    Message 9 of 10 , Feb 2, 2007
                    • 0 Attachment
                      Quoting Wietse Venema <wietse@...>:

                      > Mark Hennessy:
                      >> At 01:45 PM 2/2/2007, Mark Hennessy wrote:
                      >> > I just tried that change. It doesn't seem to work. I set up the
                      >> following:
                      >> >
                      >> > in restricted_domains:
                      >> > .example.com super_senders_only
                      >> > example.com super_senders_only
                      >>
                      >> The dotted form of the domain name is not required unless you have
                      >> changed the default value of parent_domain_matches_subdomains. But
                      >> it won't hurt anything by being there.
                      >>
                      >>
                      >> > in super_senders:
                      >> > mark@bogusemailaddress OK
                      >> >
                      >> > And in main.cf:
                      >> > ###
                      >> >
                      >> > smtpd_sender_restrictions = check_recipient_access
                      >> > hash:/usr/local/postfix/etc/restricted_domains,
                      >
                      >> 5. I was using the 'mail' program with FreeBSD logged in as a user
                      >> that is not a
                      >> super_sender. I just tried it from thunderbird and it didn't work, it
                      >> failed as it should. Why would it accept it locally and not from a
                      >> remote client?
                      >
                      > Because smtpd_sender_restrictions etc. apply only to mail that
                      > arrives via the SMTP port.
                      >
                      > Postfix has no equivalent sender restriction mechanism for local
                      > submission via the Postfix sendmail command. For that I would have
                      > to change Postfix so that even local submissions use the SMTP port
                      > (just like Eric Allman Sendmail does). This simplifies some things
                      > (Milter) but complicates other things (how Postfix picks up local
                      > mail).
                      >
                      > Wietse
                      >

                      Thank you for that explanation, and thank you both for helping me so
                      much to get this project to work.

                      --
                      Mark P Hennessy
                    Your message has been successfully submitted and would be delivered to recipients shortly.