Protecting mail addresses using check_sasl_access

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Protecting mail addresses using check_sasl_access

Nikolaos Milas
Hello,

Since Postfix is now (since v2.11) providing more extensive sasl access
restrictions, we are considering using the following model to protect
particular addresses so that only specific users can send mail to them:

    /etc/postfix/main.cf:
       ...
       allowed_list1= check_sasl_access
    hash:/etc/postfix/allowed_users,reject

       smtpd_recipient_restrictions =
         check_recipient_access hash:/etc/postfix/protected_destinations
         permit_sasl_authenticated
         reject_unverified_recipient
         reject_unauth_destination
       ...

    /etc/postfix/protected_destinations:
       [hidden email]    allowed_list1
       [hidden email]    allowed_list1
       [hidden email]    allowed_list1
       ...

    /etc/postfix/allowed_users:
       john.doe    OK
       jackpot     OK
       thechief    OK

All users will be required to be SASL-authenticated, and, consequently,
the above approach (restricting via check_sasl_access) would be much
better/versatile than the one we are currently using (restricting via
check_client_access and associated lists of allowed IP Addresses),
because it would focus on individual users, wherever they may be, and
not on their (network) location.

Can you please confirm that this is a valid configuration?

Any other suggestions, pitfalls and/or comments?

Thanks in advance,
Nick

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Protecting mail addresses using check_sasl_access

Nikolaos Milas
On 26/7/2017 2:09 μμ, Nikolaos Milas wrote:

> /etc/postfix/protected_destinations:
> privlist1@example.comallowed_list1
> privlist1@example.comallowed_list1
> privlist1@example.comallowed_list1

Hmm, sorry, this part was meant to be:

     /etc/postfix/protected_destinations:
        [hidden email]    allowed_list1
        [hidden email]    allowed_list1
        [hidden email]    allowed_list1

Nick
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Protecting mail addresses using check_sasl_access

Nikolaos Milas
In reply to this post by Nikolaos Milas
On 26/7/2017 2:09 μμ, Nikolaos Milas wrote:

> Can you please confirm that this is a valid configuration?

In the meantime I tested this configuration and it does work fine (as I
expected)!

> Any other suggestions, pitfalls and/or comments?

I surely appreciate any suggestions, pitfalls and/or comments on this
approach!

Cheers,
Nick

Loading...