LinuxQuestions.org
Old 05-03-2010, 02:49 PM   #1
andrewggrant
LQ Newbie
 
Registered: May 2010
Posts: 9

Rep: Reputation: 0
How to limit who can send to an email account (postfix, amavis, OS X 10.6)…


Hello all,

I have just set up an OS X 10.6 server and manually configured the aliases, SpamAssassin, and amavisd.conf. This is my first foray into working with a mail server so I may be missing some basic concepts. I am hoping you will be able to assist me.

I want to be able to limit/restrict who or what email accounts are able to send to our internal mailing lists/alias groups listed in the /etc/postfix/aliases file.

I would like to limit several accounts like so:

account1@mydomain.com - Send Only (will reject all email sent to it)
account2@mydomain.com - Receive email from abc@mydomain.com & def@mydomain.com only, all other addresses attempting to send to this account will be rejected / blocked.
everyone@mydomain.com - Only receive email from a list of 5 email accounts.

I hope this makes sense. I have forced all users to log in to send/receive email. I am hoping that these credentials can be used to validate their ability to use the above email mail lists / alias groups for sending internal email to many accounts at once.

My only experience so far with restrictions was to create a policy in Postfix' main.cf that restricts certain accounts from sending email outside of our domain like so:

smtpd_restriction_classes = allowed_only
allowed_only = check_recipient_access hash:/etc/postfix/allowed_domains, reject
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders permit_sasl_authenticated reject_unauth_destination permit


I am hoping someone can enlighten me as to how to similarly restrict who is able to send email to specific internal accounts / aliases / alias groups.

Last edited by andrewggrant; 05-03-2010 at 02:50 PM.
 
Old 05-03-2010, 03:32 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
Off the top of my head I don't know a way to do this in postfix, although you could probably implement some version of this with a custom procmail script. For complex usage I generally recommend using exim as it's a lot (read: ~alot~) more flexible than sendmail and postfix in doing just about anything you could possibly want to do with mail... postfix isn't quite so flexible, it's designed to put security as its major concern and you lose some flexibility because of that.
 
Old 05-03-2010, 06:51 PM   #3
andrewggrant
LQ Newbie
 
Registered: May 2010
Posts: 9

Original Poster
Rep: Reputation: 0
Since I am so new to these forums, I decided to post more information in the hopes that it would help a more skilled Postfix user.

Here is what I have so far in the main.cf:

smtpd_restriction_classes = allowed_only, everyone_access, send_only,
    mgmt_access

allowed_only = check_recipient_access hash:/etc/postfix/allowed_domains, reject
everyone_access = check_recipient_access
    hash:/etc/postfix/everyone_access, reject
send_only = check_recipient_access hash:/etc/postfix/send_only, reject
mgmt_access = check_recipient_access hash:/etc/postfix/mgmt_access, reject

smtpd_recipient_restrictions = check_sender_access
    hash:/etc/postfix/restricted_senders check_recipient_access
    hash:/etc/postfix/restricted_recipients permit_sasl_authenticated
    reject_unauth_destination

restricted_senders FILE CONTENTS:
acct1@mydomain.com allowed_only
acct2@mydomain.com allowed_only
acct3@mydomain.com allowed_only
acct4@mydomain.com allowed_only

restricted_recipients FILE CONTENTS:
acct10@mydomain.com send_only
acct11@mydomain.com everyone_access
acct12@mydomain.com mgmt_access
acct13@mydomain.com send_only
acct14@mydomain.com mgmt_team

allowed_domains FILE CONTENTS:
mydomain.com OK

everyone_access FILE CONTENTS:
acct20@mydomain.com OK
acct21@mydomain.com OK

send_only FILE CONTENTS:
<blank… Nothing in the File>

mgmt_access FILE CONTENTS:
acct30@mydomain.com OK


OUTPUT from postconf -n COMMAND:
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_recipient_maps =
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = mydomain.com
mydomain_fallback = localhost
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8,127.0.0.1/32,10.1.2.241
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost = msg.mydomain.com
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtpd_client_restrictions = permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_pw_server_security_options = cram-md5,gssapi
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders check_recipient_access hash:/etc/postfix/restricted_recipients permit_sasl_authenticated reject_unauth_destination
smtpd_restriction_classes = allowed_only, everyone_access, send_only, mgmt_access
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/certificates/mail.mydomain.com.A2124A801965D56ECA8EFA8240C82E7D9F4D73F0.chain.pem
smtpd_tls_cert_file = /etc/certificates/mail.mydomain.com.A2124A801965D56ECA8EFA8240C82E7D9F4D73F0.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/certificates/mail.mydomain.com.A2124A801965D56ECA8EFA8240C82E7D9F4D73F0.key.pem
smtpd_use_pw_server = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps =


I hope this helps.
 
Old 05-10-2010, 02:27 PM   #4
andrewggrant
LQ Newbie
 
Registered: May 2010
Posts: 9

Original Poster
Rep: Reputation: 0
Solution:

It seems that I did not define "restricted_senders" and
"restricted_recipients" in my "smtpd_restriction_classes" line.

Once those two were added, and the "mgmt_access" was changed to
"check_sender_access" everything worked just great.
 
Old 02-17-2011, 02:23 AM   #6
lqtung
LQ Newbie
 
Registered: Feb 2011
Posts: 1

Rep: Reputation: 0
only some user can send mail to alias

I have the same problem as andrewggrant. I want to allow only one address, admin@abc.gov.vn, to send email to everyone@abc.gov.vn.
All other email sent to everyone@abc.gov.vn will be rejected.
Did you solve this problem? I hope you can help me, thanks so much.
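
Added example (not posted by any participant in this thread): a Postfix layout for the case asked about in post #6, following the check_sender_access change described in post #4. The table file names, the class name everyone_senders and the SASL login name "admin" are assumptions, and the smtpd_sender_login_maps part goes beyond what the thread discusses.

```cfg
# /etc/postfix/main.cf  (added example; table and class names are hypothetical)
smtpd_restriction_classes = everyone_senders

# A class of the shape posted in #3 looks the *recipient* up in a table that
# is keyed by senders, finds no match, and falls through to "reject" for all:
#   everyone_senders = check_recipient_access hash:/etc/postfix/everyone_senders, reject
# The class has to test the envelope sender instead:
everyone_senders = check_sender_access hash:/etc/postfix/everyone_senders, reject

# The envelope sender is client-supplied. Tie MAIL FROM to the SASL login so
# the sender test cannot be passed by simply claiming admin@abc.gov.vn.
smtpd_sender_login_maps = hash:/etc/postfix/sender_logins

smtpd_recipient_restrictions =
    reject_sender_login_mismatch
    check_recipient_access hash:/etc/postfix/protected_recipients
    permit_sasl_authenticated
    reject_unauth_destination

# /etc/postfix/protected_recipients  (recipient -> class that guards it)
everyone@abc.gov.vn    everyone_senders

# /etc/postfix/everyone_senders  (envelope senders allowed to reach the list)
admin@abc.gov.vn       OK

# /etc/postfix/sender_logins  (MAIL FROM address -> SASL login; "admin" is
# assumed, and every address your users send from needs its own line)
admin@abc.gov.vn       admin
```

Run postmap on each table and reload Postfix; `postmap -q everyone@abc.gov.vn hash:/etc/postfix/protected_recipients` should then print `everyone_senders`.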
 
  

