Read Only account


Read Only account

@lbutlr
How would I configure a user so that they could only read mail and not send any mail (even to local users).


Re: Read Only account

Kevin A. McGrail
On 4/20/2018 3:40 PM, @lbutlr wrote:
> How would I configure a user so that they could only read mail and not send any mail (even to local users).
>
Different auth for POP or IMAP vs SMTP?



Re: Read Only account

/dev/rob0
On Fri, Apr 20, 2018 at 03:53:17PM -0400, Kevin A. McGrail wrote:
> On 4/20/2018 3:40 PM, @lbutlr wrote:
> > How would I configure a user so that they could only read mail
> > and not send any mail (even to local users).
> >
> Different auth for POP or IMAP vs SMTP?

Or in the SASL backend, have this user's credentials not be valid for
SMTP, or in Postfix a check_sasl_access lookup to reject this user's
mail.  Lots of ways.  These will also necessitate that you require
your users to AUTH; no permit_mynetworks nor similar IP-based relay
allowances.

If perchance this is a shell user, don't forget to exclude him/her
from your authorized_submit_users, to prevent sendmail submission.
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
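
The conditions /dev/rob0 lists above (check_sasl_access, no permit_mynetworks, authorized_submit_users) can be checked against a configuration with a short audit script. This is an added example, not part of the original thread. It assumes the restriction lists are set explicitly, one parameter per line; the user name "reader" and the map path are constructed.

```python
import re

# Constructed samples ("reader" and the map path are assumptions), one parameter per line.
WEAK = """\
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
authorized_submit_users = static:anyone
"""
HARDENED = """\
smtpd_relay_restrictions = check_sasl_access hash:/etc/postfix/sasl_access, permit_sasl_authenticated, reject_unauth_destination
authorized_submit_users = !reader, static:anyone
"""
# /etc/postfix/sasl_access would then contain a line such as:  reader  REJECT

LISTS = ("smtpd_sender_restrictions", "smtpd_relay_restrictions", "smtpd_recipient_restrictions")

def parse(text):
    """Return {parameter: [tokens]} from 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = [t for t in re.split(r"[,\s]+", value) if t]
    return params

def may_submit(patterns, user):
    """First match wins, as in authorized_submit_users; table lookups are not resolved."""
    for tok in patterns:
        if tok == "!" + user:
            return False
        if tok == user or tok.startswith("static:"):
            return True
    return False

def audit(text, user):
    """List the ways `user` could still send despite being meant as read-only."""
    params, findings, sasl_checked = parse(text), [], False
    for name in LISTS:
        items = params.get(name, [])
        if "permit_mynetworks" in items and name != "smtpd_sender_restrictions":
            findings.append(name + ": permit_mynetworks allows sending without AUTH")
        if "check_sasl_access" in items:
            permits = [i for i, t in enumerate(items) if t.startswith("permit")]
            if not permits or items.index("check_sasl_access") < permits[0]:
                sasl_checked = True
    if not sasl_checked:
        findings.append("no check_sasl_access ahead of the permit_* rules")
    if may_submit(params.get("authorized_submit_users", ["static:anyone"]), user):
        findings.append("authorized_submit_users: " + user + " may use sendmail(1)")
    return findings
```

The audit only confirms that check_sasl_access runs before any permit rule; whether the map actually lists the user has to be checked in the map file itself.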

Re: Read Only account

Viktor Dukhovni
In reply to this post by @lbutlr


> On Apr 20, 2018, at 3:40 PM, @lbutlr <[hidden email]> wrote:
>
> How would I configure a user so that they could only read mail and not send any mail (even to local users).

If you accept mail from strangers on port 25, and the user can reach
port 25 on your inbound MX host, then you can't prevent him from
impersonating some stranger.  Authentication on port 25 is not
required.  You could firewall-off inbound port 25 from hosts on
your network, forcing the user to go off-site to send the "forbidden"
email.

--
--
        Viktor.


Re: Read Only account

chaouche yacine
I use rob0's second suggestion, which is using a map; it doesn't require that the user is authenticated.


in main.cf

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/maps/reject_senders

in maps/reject_senders

# Reject any mail from the qq.com domain (any user)
qq.com  REJECT
# Reject any mail from [hidden email]
[hidden email] REJECT


Yassine.

On Friday, April 20, 2018, 9:44:52 PM GMT+1, Viktor Dukhovni <[hidden email]> wrote:

> On Apr 20, 2018, at 3:40 PM, @lbutlr <[hidden email]> wrote:
>
> How would I configure a user so that they could only read mail and not send any mail (even to local users).


If you accept mail from strangers on port 25, and the user can reach
port 25 on your inbound MX host, then you can't prevent him from
impersonating some stranger.  Authentication on port 25 is not
required.  You could firewall-off inbound port 25 from hosts on
your network, forcing the user to go off-site to send the "forbidden"
email.

--
--
    Viktor.