Loading ...
Sorry, an error occurred while loading the content.

Re: Limit an account to 1 email address

Expand Messages
  • mouss
    ... maybe OP is trying to say: this sender can only send to a specifc email address. if so, restriction classes can help:
    Message 1 of 5 , Dec 9, 2012
    • 0 Attachment
      Le 09/12/2012 11:28, Reindl Harald a écrit :
      >
      > Am 09.12.2012 03:16, schrieb Grant:
      >> Each of my systems sends alerts to my mail server for delivery to my email address through a special user account
      >> on my mail server with no shell account which is only used for this purpose. Can I limit all mail sent by
      >> authenticating through this user account so that it can only be delivered to my email address? The user's password
      >> is stored in plain text in ssmtp.conf on each of my systems but I figure that doesn't matter if it can only be used
      >> to send mail to my address.
      > do you mean a catch-all address?
      > sorry but the decription of your goal is weird
      >

      maybe OP is trying to say: this sender can only send to a specifc email
      address. if so, restriction classes can help:
      http://www.postfix.org/RESTRICTION_CLASS_README.html

      if not, OP is invited to state his goal with an example.
    • Grant
      ... email address through a special user account ... purpose. Can I limit all mail sent by ... delivered to my email address? The user s password ... figure
      Message 2 of 5 , Dec 9, 2012
      • 0 Attachment
        > >> Each of my systems sends alerts to my mail server for delivery to my email address through a special user account
        > >> on my mail server with no shell account which is only used for this purpose.  Can I limit all mail sent by
        > >> authenticating through this user account so that it can only be delivered to my email address?  The user's password
        > >> is stored in plain text in ssmtp.conf on each of my systems but I figure that doesn't matter if it can only be used
        > >> to send mail to my address.
        > > do you mean a catch-all address?
        > > sorry but the decription of your goal is weird
        > >
        >
        > maybe OP is trying to say: this sender can only send to a specifc email
        > address. if so, restriction classes can help:
        >     http://www.postfix.org/RESTRICTION_CLASS_README.html
        >
        > if not, OP is invited to state his goal with an example.

        I'm sorry for the weird description.  I want to send email alerts from each of my systems to my own email address.  To do this, I've created a special user on my mail server and put that user's password in ssmtp.conf on each of my systems.  Since this is not a secure way to store a password, I'd like to lock down the special user on my mail server so that any mail client authenticating as that user can only send email to my email address.  That way the password doesn't need to be secure.

        - Grant
      • Noel Jones
        ... To really lock this down requires two steps: 1 - limit the credentials to a specific sender address. 2 - limit the sender address to a specific recipient.
        Message 3 of 5 , Dec 9, 2012
        • 0 Attachment
          On 12/9/2012 2:35 PM, Grant wrote:
          > I'm sorry for the weird description. I want to send email alerts
          > from each of my systems to my own email address. To do this, I've
          > created a special user on my mail server and put that user's
          > password in ssmtp.conf on each of my systems. Since this is not a
          > secure way to store a password, I'd like to lock down the special
          > user on my mail server so that any mail client authenticating as
          > that user can only send email to my email address. That way the
          > password doesn't need to be secure.
          >
          > - Grant


          To really lock this down requires two steps:
          1 - limit the credentials to a specific sender address.
          2 - limit the sender address to a specific recipient.

          something like:
          # main.cf
          smtpd_sender_login_maps = hash:/etc/postfix/sender_login
          smtpd_sender_restrictions =
          reject_sender_login_mismatch
          check_sender_access hash:/etc/postfix/limited_sender

          # sender_login
          user@... user_login_name

          #limited_sender
          user@... REDIRECT target@...

          http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
          http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
          http://www.postfix.org/postconf.5.html#check_sender_access
          http://www.postfix.org/access.5.html

          The reject_sender_login_mismatch will limit which MAIL FROM can be
          used with the credentials.
          The REDIRECT will capture all mail from that sender and direct it to
          the specified user, regardless of where it was originally addressed.

          Rather than the REDIRECT, some folks might prefer to use a
          restriction class to reject mail addressed to the wrong recipient.
          http://www.postfix.org/RESTRICTION_CLASS_README.html

          And as a final option, you can do all this and more in an external
          policy service. (eg. postfwd)
          http://www.postfix.org/SMTPD_POLICY_README.html




          -- Noel Jones
        Your message has been successfully submitted and would be delivered to recipients shortly.