Loading ...
Sorry, an error occurred while loading the content.
 

Only deliver mail from authorized users, forward others

Expand Messages
  • postfix@...
    Hello, I am trying to setup an email address where only mails from authorized users (defined in a list) would come in and other emails would be forwarded to
    Message 1 of 9 , Dec 27, 2013
      Hello,

      I am trying to setup an email address where only mails from authorized
      users (defined in a list) would come in and other emails would be
      forwarded to another address.

      I was thinking of doing this with a combination of postfix and procmail:
      having postfix delivering all incoming email, then procmail forward and
      delete email not coming form authorized users. Before implementing it I
      was wondering if there is a postfix-only solution to this. BTW my server
      is using virtual mailboxes.

      Thanks in advance,

      Matthieu
    • moparisthebest
      I would implement this with a sieve script, if from is one of these allowed emails, file into mailbox, else forward to another email and delete. I plan on
      Message 2 of 9 , Dec 27, 2013
        I would implement this with a sieve script, if from is one of these allowed emails, file into mailbox, else forward to another email and delete.

        I plan on implementing this exact functionality for my daughter's emails when they are old enough, then they can keep in touch with family and approved friends and no one else. :)

        postfix@... wrote:
            Hello,

        I am trying to setup an email address where only mails from authorized
        users (defined in a list) would come in and other emails would be
        forwarded to another address.

        I was thinking of doing this with a combination of postfix and procmail:
        having postfix delivering all incoming email, then procmail forward and
        delete email not coming form authorized users. Before implementing it I
        was wondering if there is a postfix-only solution to this. BTW my server
        is using virtual mailboxes.

        Thanks in advance,

        Matthieu
      • Jeroen Geilman
        ... To a single address? Local or remote ? Are you only testing the sender address in this ? If so, why are you accepting unauthorized senders at all? Is the
        Message 3 of 9 , Dec 27, 2013
          On 12/27/2013 01:13 PM, postfix@... wrote:
             Hello,

          I am trying to setup an email address where only mails from authorized users (defined in a list) would come in and other emails would be forwarded to another address.

          To a single address? Local or remote ?
          Are you only testing the sender address in this ?
          If so, why are you accepting unauthorized senders at all?

          Is the recipient is irrelevant, i.e. you want a wildcard accept policy ?

          Note that the last option is a definite no-no as far as I am concerned; you want to verify the recipient before you check for authorized senders.

          I was thinking of doing this with a combination of postfix and procmail:
          having postfix delivering all incoming email, then procmail forward and delete email not coming form authorized users. Before implementing it I was wondering if there is a postfix-only solution to this.

          You could use sender_dependent_default_transport_maps: map the authorized senders to DUNNO (thus using whatever it was going to use before) and everything else to a custom transport that sends it wherever you want.

          http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps
          -- 
          J.
          
        • postfix@...
          ... Just as in moparisthebest s message this is to filter email coming to my kid s email. This is a single address. Lets call it bill@mydomain.com. Any mail
          Message 4 of 9 , Dec 28, 2013
            On 12/28/2013 1:46 AM, Jeroen Geilman wrote:
            On 12/27/2013 01:13 PM, postfix@... wrote:
               Hello,

            I am trying to setup an email address where only mails from authorized users (defined in a list) would come in and other emails would be forwarded to another address.

            To a single address? Local or remote ?
            Are you only testing the sender address in this ?
            If so, why are you accepting unauthorized senders at all?

            Is the recipient is irrelevant, i.e. you want a wildcard accept policy ?

            Just as in moparisthebest's message this is to filter email coming to my kid's email.

            This is a single address. Lets call it bill@.... Any mail from authorized senders (family, friends, ...) goes to bill's mailbox. Any other mail goes to another mailbox (bob).

            I would indeed be testing the sender's email only for emails going to that particular recipient (bill@...)


            Note that the last option is a definite no-no as far as I am concerned; you want to verify the recipient before you check for authorized senders.

            I was thinking of doing this with a combination of postfix and procmail:
            having postfix delivering all incoming email, then procmail forward and delete email not coming form authorized users. Before implementing it I was wondering if there is a postfix-only solution to this.

            You could use sender_dependent_default_transport_maps: map the authorized senders to DUNNO (thus using whatever it was going to use before) and everything else to a custom transport that sends it wherever you want.

            http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps
            -- 
            J.
            

          • Jeroen Geilman
            ... Ah, I entirely missed the part where this was for a single recipient address. In such a use case sieve would probably be the easiest solution. Also very
            Message 5 of 9 , Dec 28, 2013
              On 12/28/2013 10:20 AM, postfix@... wrote:
              On 12/28/2013 1:46 AM, Jeroen Geilman wrote:
              On 12/27/2013 01:13 PM, postfix@... wrote:
                 Hello,

              I am trying to setup an email address where only mails from authorized users (defined in a list) would come in and other emails would be forwarded to another address.

              To a single address? Local or remote ?
              Are you only testing the sender address in this ?
              If so, why are you accepting unauthorized senders at all?

              Is the recipient is irrelevant, i.e. you want a wildcard accept policy ?

              Just as in moparisthebest's message this is to filter email coming to my kid's email.

              This is a single address. Lets call it bill@.... Any mail from authorized senders (family, friends, ...) goes to bill's mailbox. Any other mail goes to another mailbox (bob).

              I would indeed be testing the sender's email only for emails going to that particular recipient (bill@...)


              Note that the last option is a definite no-no as far as I am concerned; you want to verify the recipient before you check for authorized senders.

              I was thinking of doing this with a combination of postfix and procmail:
              having postfix delivering all incoming email, then procmail forward and delete email not coming form authorized users. Before implementing it I was wondering if there is a postfix-only solution to this.

              You could use sender_dependent_default_transport_maps: map the authorized senders to DUNNO (thus using whatever it was going to use before) and everything else to a custom transport that sends it wherever you want.

              http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps
              -- 
              J.
              


              Ah, I entirely missed the part where this was for a single recipient address.

              In such a use case sieve would probably be the easiest solution.
              Also very easy to maintain through any managesieve-capable interface.

              -- 
              J.
              
            • Noel Jones
              ... The postfix feature for this is restriction classes. Some examples are in the README: http://www.postfix.org/RESTRICTION_CLASS_README.html Basically, start
              Message 6 of 9 , Dec 28, 2013
                On 12/28/2013 3:20 AM, postfix@... wrote:
                >
                > Just as in moparisthebest's message this is to filter email coming
                > to my kid's email.
                >
                > This is a single address. Lets call it bill@.... Any mail
                > from authorized senders (family, friends, ...) goes to bill's
                > mailbox. Any other mail goes to another mailbox (bob).
                >
                > I would indeed be testing the sender's email only for emails going
                > to that particular recipient (bill@...)
                >

                The postfix feature for this is restriction classes. Some examples
                are in the README:
                http://www.postfix.org/RESTRICTION_CLASS_README.html

                Basically, start with a check_recipient_access table. If it matches
                the protected recipient, call a check_sender_access regexp table
                that returns DUNNO for approved senders, and returns REDIRECT
                bob@... for anyone else.


                You can also do this with a policy server such as postfwd, or a milter.



                -- Noel Jones
              • postfix@...
                OK so I implemented this. I get the check_sender_access part working pretty good but am a little bit confused on how to REDIRECT for anything else in my
                Message 7 of 9 , Jan 4, 2014
                  OK so I implemented this. I get the check_sender_access part working
                  pretty good but am a little bit confused on how to REDIRECT for anything
                  else

                  in my main.cf I have

                  authorized_only = check_sender_access
                  proxy:mysql:/etc/postfix/mysql-authorized_only.cf

                  and in the recipient_access table I have:
                  emailtoprotect@... authorized_only

                  mysql-authorized_only.cf points to a mysql table that matches OK with a
                  handful of addresses .

                  My issue is with the mast vajority of senders that are not explicitly
                  listed in the mysql table.

                  I tried
                  authorized_only = check_sender_access
                  proxy:mysql:/etc/postfix/mysql-authorized_only.cf, REDIRECT
                  otheremail@...
                  but this ends up with 451 4.3.5 Server configuration error

                  I don't want
                  authorized_only = check_sender_access
                  proxy:mysql:/etc/postfix/mysql-authorized_only.cf, reject
                  because that just rejects the email

                  I don't want
                  authorized_only = check_sender_access
                  proxy:mysql:/etc/postfix/mysql-authorized_only.cf, permit
                  because that defeats the prupose of checking the sender address

                  I tried to add a line
                  * REDIRECT otheremailadress@...
                  in the mysql table but that still ends up with 451 4.3.5 Server
                  configuration error

                  In short how can I say that the defualt action if there is no match in
                  check_sender_access is to redirect?

                  Thanks.
                • Noel Jones
                  ... Use a regexp or pcre table, with the last entry a wildcard REDIRECT. -- Noel Jones
                  Message 8 of 9 , Jan 4, 2014
                    On 1/4/2014 3:05 PM, postfix@... wrote:
                    > OK so I implemented this. I get the check_sender_access part working
                    > pretty good but am a little bit confused on how to REDIRECT for
                    > anything else
                    >
                    > in my main.cf I have
                    >
                    > authorized_only = check_sender_access
                    > proxy:mysql:/etc/postfix/mysql-authorized_only.cf
                    >
                    > and in the recipient_access table I have:
                    > emailtoprotect@... authorized_only
                    >
                    > mysql-authorized_only.cf points to a mysql table that matches OK
                    > with a handful of addresses .
                    >
                    > My issue is with the mast vajority of senders that are not
                    > explicitly listed in the mysql table.

                    Use a regexp or pcre table, with the last entry a wildcard REDIRECT.


                    -- Noel Jones
                  • Wietse Venema
                    ... Example: /etc/postfix/main.cf: authorized_only = check_sender_access proxy:mysql:whatever check_sender_access pcre:/etc/postfix/redirect-all.pcre
                    Message 9 of 9 , Jan 4, 2014
                      Noel Jones:
                      > On 1/4/2014 3:05 PM, postfix@... wrote:
                      > > OK so I implemented this. I get the check_sender_access part working
                      > > pretty good but am a little bit confused on how to REDIRECT for
                      > > anything else
                      > >
                      > > in my main.cf I have
                      > >
                      > > authorized_only = check_sender_access
                      > > proxy:mysql:/etc/postfix/mysql-authorized_only.cf
                      > >
                      > > and in the recipient_access table I have:
                      > > emailtoprotect@... authorized_only
                      > >
                      > > mysql-authorized_only.cf points to a mysql table that matches OK
                      > > with a handful of addresses .
                      > >
                      > > My issue is with the mast vajority of senders that are not
                      > > explicitly listed in the mysql table.
                      >
                      > Use a regexp or pcre table, with the last entry a wildcard REDIRECT.

                      Example:

                      /etc/postfix/main.cf:
                      authorized_only =
                      check_sender_access proxy:mysql:whatever
                      check_sender_access pcre:/etc/postfix/redirect-all.pcre

                      pcre:/etc/postfix/redirect-all.pcre:
                      . REDIRECT user@...

                      Wietse
                    Your message has been successfully submitted and would be delivered to recipients shortly.