Loading ...
Sorry, an error occurred while loading the content.

Reject emails except some inside a list

Expand Messages
  • Sergio Mira
    Hello, I started a mail server where I manipulate incoming messages through a script. This is 100% working. But my backend (postfix configuration) is very
    Message 1 of 4 , May 3 11:25 AM
    • 0 Attachment
      Hello,

      I started a mail server where I manipulate incoming messages through a script.
      This is 100% working.

      But my "backend" (postfix configuration) is very basic.

      I am now implementing basic security, trying to understand how postfix works and everything.

      First of all, I am trying to reject messages to users that I have created, not to root/apache/mysql or something only for the system.

      I tried to configure aliases. It works, but does not reject system users.

      Then I tried to configure access file, rejecting messages to root/apache/mysql. It worked well, but I am not sure about this is the better way. Even because I dont know if add users to a "unauthorized  users" is better than add "authorized users".

      Is there a way to create a list with authorized users to receive emails and all the others -- in the /etc/passwd -- dont?

      Thanks!

      --
      Regards,
      || --------------------------------------------
      ||        Sergio Henrique Bento de Mira
      ||   _    BSc of Computer Science (in progress)
      ||  °v°   Federal University Of Lavras (UFLA)
      || /(_)\  
      ||  ^ ^   sergiohbmira@...
      ||        http://graduacao.dcc.ufla.br/~shbm95
      || ---------------------------------------------
      || Linux User #497558
      || "Use Linux and be free."
    • Sergio Mira
      ... I am trying to ACCEPT. Sorry! ... -- Regards, ... On Fri, May 3, 2013 at 3:25 PM, Sergio Mira wrote: Hello, I started a mail server
      Message 2 of 4 , May 3 11:26 AM
      • 0 Attachment



        On Fri, May 3, 2013 at 3:25 PM, Sergio Mira <shbmira@...> wrote:
        Hello,

        I started a mail server where I manipulate incoming messages through a script.
        This is 100% working.

        But my "backend" (postfix configuration) is very basic.

        I am now implementing basic security, trying to understand how postfix works and everything.

        First of all, I am trying to reject messages to users that I have created, not to root/apache/mysql or something only for the system.

        I am trying to ACCEPT.
        Sorry!


        I tried to configure aliases. It works, but does not reject system users.

        Then I tried to configure access file, rejecting messages to root/apache/mysql. It worked well, but I am not sure about this is the better way. Even because I dont know if add users to a "unauthorized  users" is better than add "authorized users".

        Is there a way to create a list with authorized users to receive emails and all the others -- in the /etc/passwd -- dont?

        Thanks!

        --
        Regards,
        || --------------------------------------------
        ||        Sergio Henrique Bento de Mira
        ||   _    BSc of Computer Science (in progress)
        ||  °v°   Federal University Of Lavras (UFLA)
        || /(_)\  
        ||  ^ ^   sergiohbmira@...
        ||        http://graduacao.dcc.ufla.br/~shbm95
        || ---------------------------------------------
        || Linux User #497558
        || "Use Linux and be free."



        --
        Regards,
        || --------------------------------------------
        ||        Sergio Henrique Bento de Mira
        ||   _    BSc of Computer Science (in progress)
        ||  °v°   Federal University Of Lavras (UFLA)
        || /(_)\  
        ||  ^ ^   sergiohbmira@...
        ||        http://graduacao.dcc.ufla.br/~shbm95
        || ---------------------------------------------
        || Linux User #497558
        || "Use Linux and be free."
      • Ansgar Wiechers
        ... You re looking for $local_recipient_maps. The default value of that parameter includes not only the alias maps, but also the passwd file
        Message 3 of 4 , May 4 3:31 PM
        • 0 Attachment
          On 2013-05-03 Sergio Mira wrote:
          > I started a mail server where I manipulate incoming messages through a
          > script.
          > This is 100% working.
          >
          > But my "backend" (postfix configuration) is very basic.
          >
          > I am now implementing basic security, trying to understand how postfix
          > works and everything.
          >
          > First of all, I am trying to reject messages to users that I have
          > created, not to root/apache/mysql or something only for the system.
          >
          > I tried to configure aliases. It works, but does not reject system
          > users.
          >
          > Then I tried to configure access file, rejecting messages to
          > root/apache/mysql. It worked well, but I am not sure about this is the
          > better way. Even because I dont know if add users to a "unauthorized
          > users" is better than add "authorized users".
          >
          > Is there a way to create a list with authorized users to receive
          > emails and all the others -- in the /etc/passwd -- dont?

          You're looking for $local_recipient_maps. The default value of that
          parameter includes not only the alias maps, but also the passwd file
          (proxy:unix:passwd.byname). Add the following line to your main.cf:

          local_recipient_maps = $alias_maps

          and include a mapping for all valid (local) recipients in $alias_maps:

          userA: userA
          userB: userB
          ...

          Regards
          Ansgar Wiechers
          --
          "Abstractions save us time working, but they don't save us time learning."
          --Joel Spolsky
        • Sergio Mira
          Thanks, Ansgar Wiechers! I created a permitted users list and I mapped this list in $smtpd_restriction_classes. In the $check_recipient_access I set the hash
          Message 4 of 4 , May 4 3:48 PM
          • 0 Attachment
            Thanks, Ansgar Wiechers!

            I created a permitted users list and I mapped this list in $smtpd_restriction_classes.
            In the $check_recipient_access I set the hash for absolute path to this list.

            But I'll try the way you suggested to choose the best.

            :)


            On Sat, May 4, 2013 at 7:31 PM, Ansgar Wiechers <lists@...> wrote:
            On 2013-05-03 Sergio Mira wrote:
            > I started a mail server where I manipulate incoming messages through a
            > script.
            > This is 100% working.
            >
            > But my "backend" (postfix configuration) is very basic.
            >
            > I am now implementing basic security, trying to understand how postfix
            > works and everything.
            >
            > First of all, I am trying to reject messages to users that I have
            > created, not to root/apache/mysql or something only for the system.
            >
            > I tried to configure aliases. It works, but does not reject system
            > users.
            >
            > Then I tried to configure access file, rejecting messages to
            > root/apache/mysql. It worked well, but I am not sure about this is the
            > better way. Even because I dont know if add users to a "unauthorized
            > users" is better than add "authorized users".
            >
            > Is there a way to create a list with authorized users to receive
            > emails and all the others -- in the /etc/passwd -- dont?

            You're looking for $local_recipient_maps. The default value of that
            parameter includes not only the alias maps, but also the passwd file
            (proxy:unix:passwd.byname). Add the following line to your main.cf:

            local_recipient_maps = $alias_maps

            and include a mapping for all valid (local) recipients in $alias_maps:

            userA: userA
            userB: userB
            ...

            Regards
            Ansgar Wiechers
            --
            "Abstractions save us time working, but they don't save us time learning."
            --Joel Spolsky



            --
            Regards,
            || --------------------------------------------
            ||        Sergio Henrique Bento de Mira
            ||   _    BSc of Computer Science (in progress)
            ||  °v°   Federal University Of Lavras (UFLA)
            || /(_)\  
            ||  ^ ^   sergiohbmira@...
            ||        http://graduacao.dcc.ufla.br/~shbm95
            || ---------------------------------------------
            || Linux User #497558
            || "Use Linux and be free."
          Your message has been successfully submitted and would be delivered to recipients shortly.