Re: Block users from sending to ALL addresses except for specific addresses
- Thanks rob0, no need to beat me down with the access comment - I simply meant using REJECT within the access file. I have gone over the restriction class readme as well but didnt find an implementation, I am a somewhat new postfix user but able to learn.Yes, my users are untrustworthy and on their own subnet. Ill keep reading and searching for a method.Appreciations.On Thu, Jun 20, 2013 at 5:18 PM, /dev/rob0 <rob0@...> wrote:On Thu, Jun 20, 2013 at 12:23:19PM -0400, linuxknight wrote:IMO, this sounds like you're trying to solve a political problem
> Greetings, I am attempting to limit specific local users from
> sending mail to ALL addresses except members of my management team.
> Basically I want our sales agents to be able to receive important
> emails/bulletins from management, but only be able to reply to and
> send email to the members of management.
using technical means.What is /etc/postfix/access? It has no magical, universal meaning
> Initially I figured I would just block their ability to send
> altogether with /etc/postfix/access
across all of Postfixland. There are many different types of
access(5) lookups which can be done. If you don't understand this,
your chances of solving this problem are poor. This might be a
http://www.postfix.org/SMTPD_ACCESS_README.htmlYou probably already have these untrustworthy staff (!) on an
> but then decided it would be nice to give them the
> ability to email management if necessary. If there are no other
> solutions, I will probably just defer to the latter.
> I have postfix setup so they cant send to or receive email from
> the outside world, I just want to limit WHO they can send email
> TO within the company. Unfortunately many of my staff would abuse
> the privilege if I allowed them to email anyone internally.
isolated and restricted subnet, right? (If not, there may be other
political problems you need to address.) It would be simple to
present clients from that subnet (via a check_client_access lookup)
with a check_recipient_access lookup.
Another idea using sender addresses is here:
But in that case you will also need to force authentication and
maintain smtpd_sender_login_maps. This might be more work than you
will wish to commit to for an untrustworthy staff, which probably
also means high turnover rates.
RESTRICTION_CLASS_README.html has the basics you need in either case.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: