LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 06-21-2010, 10:40 AM   #1
3rods
Member
 
Registered: Mar 2008
Posts: 70

Rep: Reputation: 16
Question How can I create a user account filter with postfix?


I am using this config.

I'm looking to create a white-list of email addresses that are allowed to send mail to my son's email address. Basically, I'm trying to do this:

if from not in ('dad@home.net','mom@home.net','unclebill@work.org')
then deliver to 'dad@home.net'

Or deliver to /dev/null or something.

This would be only for his account/domain, not server-wide.

The configuration above uses MySQL for forwarding and authentication. I'm not sure if that is a plus or minus for what I'm trying to do.

Any ideas would be appreciated; even if your a newb like me and have no idea what you're doing...
 
Old 06-22-2010, 09:04 PM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
You can do something similar to this. You would put your son's email address in the protected_destinations file of the example, and the whitelisted addresses in insiders. Mail to your son's address would be rejected unless the sender is in the whitelist.
 
Old 06-23-2010, 12:33 AM   #3
3rods
Member
 
Registered: Mar 2008
Posts: 70

Original Poster
Rep: Reputation: 16
Forward

That looks pretty good. What would I do if I wanted to forward to another email instead of reject?

Add another option?

insiders_only = check_sender_access hash:/etc/postfix/insiders, forward_handler, reject

I know little about postfix, just guessing here.
 
Old 06-23-2010, 12:07 PM   #4
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
You'd have to do something like this, which is incorrect, so read the entire post:
Code:
#/etc/postfix/insiders
#

dad@home.net         OK
mom@home.net         OK
unclebill@work.org   OK

# redirect to dad if sent from anyone else
*                    REDIRECT    dad@home.net
This is incorrect because you cannot have a catch-all in a hash table (someone
correct me if I'm wrong). But, you can do it using a pcre table, for example.

Code:
#/etc/postfix/insiders
#

# this is a pcre table. change the main.cf setting in the example to
# insiders_only = check_sender_access pcre:/etc/postfix/insiders, reject

/^dad@home.net$/         OK
/^mom@home.net$/         OK
/^unclebill@work.org$/   OK
/./                      REDIRECT    dad@home.net
 
Old 06-23-2010, 02:02 PM   #5
3rods
Member
 
Registered: Mar 2008
Posts: 70

Original Poster
Rep: Reputation: 16
Very awesome. Going to try this out now and let you know.
 
Old 06-23-2010, 04:40 PM   #6
3rods
Member
 
Registered: Mar 2008
Posts: 70

Original Poster
Rep: Reputation: 16
On the cusp of perfection here. It rejects emails instead of redirecting them. Not sure why. here is the file:

Code:
#/etc/postfix/insiders
#

# this is a pcre table. change the main.cf setting in the example to
# insiders_only = check_sender_access pcre:/etc/postfix/insiders, reject


/^user@domain.com$/     OK
/./                     REDIRECT user@domain2.com

Here is a bit of the log.


Code:
Jun 23 18:38:20 mail postfix/postfix-script[23222]: refreshing the Postfix mail system
Jun 23 18:38:20 mail postfix/master[14085]: reload -- version 2.7.0, configuration /etc/postfix
Jun 23 18:38:55 mail postfix/smtpd[23655]: connect from XXXXXXXXXXXXXXXXXXXX.net[76.XX.XX.XX]
Jun 23 18:38:55 mail postfix/smtpd[23655]: NOQUEUE: redirect: RCPT from XXXXXXXXXXXXXXXXXXXX.net[76.XX.XX.XX8]: <XXXX@domain1.net>: Sender address triggers REDIRECT user@domainredirect.com; from=<XXXX@domain1.net> to=<user@intendeduser.com> proto=ESMTP helo=<XXXXXXXXXXXXXX.net>
Jun 23 18:38:55 mail postfix/smtpd[23655]: NOQUEUE: reject: RCPT from XXXXXXXXXXXXXXXXXXXXXXXXXXX.net[76.XX.XX.XX]: 554 5.7.1 <user@intendeduser.com>: Recipient address rejected: Access denied; from=<XXXX@domain1.net> to=<user@intendeduser.com> proto=ESMTP helo=<XXXXXXXXXXXXXXXXXXXXXXXXXXXX.net>

Last edited by 3rods; 06-23-2010 at 06:44 PM. Reason: add log
 
Old 06-23-2010, 09:27 PM   #7
3rods
Member
 
Registered: Mar 2008
Posts: 70

Original Poster
Rep: Reputation: 16
Ok, if you remove the "reject" from this:
Code:
insiders_only = check_sender_access pcre:/etc/postfix/insiders, reject
And make it:

Code:
insiders_only = check_sender_access pcre:/etc/postfix/insiders
Messages get delivered to the redirect and not rejected. I'm guessing this is because we are actually never rejecting any messages and creating a catch all.

It also looks like you can explicitly imply a REJECT action within the file and still have the message trickle down to the catch all if it does not match the rule - which is good.

Thanks for your help!
 
Old 06-23-2010, 09:54 PM   #8
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
that's correct. excellent work, 3rods.
but, not for the reason you gave. we are creating a catchall for the sender,
not for the recipients, and only when message are sent to a certain address.
for example, if you sent a message to nonexistent@home.net (assuming home.net
is local to the mail server), then mail would be rejected.

the reason is mentioned in the discussion here.
it means that a REDIRECT action does not stop the key lookup in the access list, which in our case, continues with the
reject rule.
 
  


Reply

Tags
email, filter, postfix, whitelist


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to create new user account rachala2 Linux - Newbie 2 01-04-2009 02:29 AM
How to create user account in Sendmail?? redhat_vishipel Linux - Networking 2 09-28-2006 03:50 PM
linux create user account deus1 Linux - General 2 06-04-2005 07:32 PM
Create a New Super user account blazted Linux - Newbie 6 02-13-2005 04:56 PM
cannot create new user account kpachopoulos Linux - Newbie 4 08-17-2004 08:38 AM


All times are GMT -5. The time now is 06:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration