Loading ...
Sorry, an error occurred while loading the content.

Re: Block users from sending to ALL addresses except for specific addresses

Expand Messages
  • /dev/rob0
    ... IMO, this sounds like you re trying to solve a political problem using technical means. ... What is /etc/postfix/access? It has no magical, universal
    Message 1 of 3 , Jun 20, 2013
    • 0 Attachment
      On Thu, Jun 20, 2013 at 12:23:19PM -0400, linuxknight wrote:
      > Greetings, I am attempting to limit specific local users from
      > sending mail to ALL addresses except members of my management team.
      >
      > Basically I want our sales agents to be able to receive important
      > emails/bulletins from management, but only be able to reply to and
      > send email to the members of management.

      IMO, this sounds like you're trying to solve a political problem
      using technical means.

      > Initially I figured I would just block their ability to send
      > altogether with /etc/postfix/access

      What is /etc/postfix/access? It has no magical, universal meaning
      across all of Postfixland. There are many different types of
      access(5) lookups which can be done. If you don't understand this,
      your chances of solving this problem are poor. This might be a
      starting point:

      http://www.postfix.org/SMTPD_ACCESS_README.html

      > but then decided it would be nice to give them the
      > ability to email management if necessary. If there are no other
      > solutions, I will probably just defer to the latter.
      >
      > I have postfix setup so they cant send to or receive email from
      > the outside world, I just want to limit WHO they can send email
      > TO within the company. Unfortunately many of my staff would abuse
      > the privilege if I allowed them to email anyone internally.

      You probably already have these untrustworthy staff (!) on an
      isolated and restricted subnet, right? (If not, there may be other
      political problems you need to address.) It would be simple to
      present clients from that subnet (via a check_client_access lookup)
      with a check_recipient_access lookup.

      Another idea using sender addresses is here:

      http://www.postfix.org/RESTRICTION_CLASS_README.html#external

      But in that case you will also need to force authentication and
      maintain smtpd_sender_login_maps. This might be more work than you
      will wish to commit to for an untrustworthy staff, which probably
      also means high turnover rates.

      RESTRICTION_CLASS_README.html has the basics you need in either case.
      --
      http://rob0.nodns4.us/ -- system administration and consulting
      Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
    • linuxknight
      Thanks rob0, no need to beat me down with the access comment - I simply meant using REJECT within the access file. I have gone over the restriction class
      Message 2 of 3 , Jun 20, 2013
      • 0 Attachment
        Thanks rob0, no need to beat me down with the access comment - I simply meant using REJECT within the access file.  I have gone over the restriction class readme as well but didnt find an implementation, I am a somewhat new postfix user but able to learn.

        Yes, my users are untrustworthy and on their own subnet.  Ill keep reading and searching for a method.  

        Appreciations.


        On Thu, Jun 20, 2013 at 5:18 PM, /dev/rob0 <rob0@...> wrote:
        On Thu, Jun 20, 2013 at 12:23:19PM -0400, linuxknight wrote:
        > Greetings, I am attempting to limit specific local users from
        > sending mail to ALL addresses except members of my management team.
        >
        > Basically I want our sales agents to be able to receive important
        > emails/bulletins from management, but only be able to reply to and
        > send email to the members of management.

        IMO, this sounds like you're trying to solve a political problem
        using technical means.

        > Initially I figured I would just block their ability to send
        > altogether with /etc/postfix/access

        What is /etc/postfix/access? It has no magical, universal meaning
        across all of Postfixland. There are many different types of
        access(5) lookups which can be done. If you don't understand this,
        your chances of solving this problem are poor. This might be a
        starting point:

        http://www.postfix.org/SMTPD_ACCESS_README.html

        > but then decided it would be nice to give them the
        > ability to email management if necessary. If there are no other
        > solutions, I will probably just defer to the latter.
        >
        > I have postfix setup so they cant send to or receive email from
        > the outside world, I just want to limit WHO they can send email
        > TO within the company. Unfortunately many of my staff would abuse
        > the privilege if I allowed them to email anyone internally.

        You probably already have these untrustworthy staff (!) on an
        isolated and restricted subnet, right? (If not, there may be other
        political problems you need to address.) It would be simple to
        present clients from that subnet (via a check_client_access lookup)
        with a check_recipient_access lookup.

        Another idea using sender addresses is here:

        http://www.postfix.org/RESTRICTION_CLASS_README.html#external

        But in that case you will also need to force authentication and
        maintain smtpd_sender_login_maps. This might be more work than you
        will wish to commit to for an untrustworthy staff, which probably
        also means high turnover rates.

        RESTRICTION_CLASS_README.html has the basics you need in either case.
        --
          http://rob0.nodns4.us/ -- system administration and consulting
          Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

      Your message has been successfully submitted and would be delivered to recipients shortly.