Restrict users to received outside mails


Restrict users to received outside mails

Sam Przyswa
Hi,

How to restrict users to received outside mail (from internet) but only
from the local domain/network ?

Thanks in advance for your help.

Sam.



--
This message has been checked by MailScanner
for viruses and spam, and nothing
suspicious was found.
For all your IT requirements visit: http://www.transtec.co.uk


Re: Restrict users to received outside mails

mouss-2
Sam Przyswa wrote:
> Hi,
>
> How to restrict users to received outside mail (from internet) but only
> from the local domain/network ?
>

If your goal is to restrict a few addresses so that:

- they can only send mail to your own domains (domains in mydestination,
virtual_*_domains and relay_domains).

- the addresses can only be used from mynetworks (outsiders may not use
the address as sender or recipient)

then you can do it like this:

smtpd_restriction_classes =
        ...
        internal_only
        ...

smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/restricted_addr
        check_recipient_access hash:/etc/postfix/restricted_addr

internal_only =
        # they can't relay
        reject_unauth_destination
        # they can only be used from mynetworks
        permit_mynetworks
        reject

== restricted_addr
[hidden email] internal_only
local.example.org internal_only


If this is not what you want, explain your goal more clearly. It may be
easier to give examples of what is allowed and what is not. If you can
formulate the goal in a "mathematical logic" style (if blah and blah,
then allow. if blah and blah then reject. ...), do that too.









Re: Restrict users to received outside mails

Sam Przyswa


mouss wrote:

> Sam Przyswa wrote:
>> Hi,
>>
>> How to restrict users to received outside mail (from internet) but
>> only from the local domain/network ?
>>
>
> If your goal is to restrict few addresses so that:
>
> - they can only send mail to your own domains (domains in
> mydestination, virtual_*_domains and relay_domains).
>
> - the addresses can only be used from mynetworks (outsiders may not
> use the address as sender or recipient)
>
> then you can do it like this:
>
> smtpd_restriction_classes =
>     ...
>     internal_only
>     ...
>
> smtpd_sender_restrictions =
>     check_sender_access hash:/etc/postfix/restricted_addr
>     check_recipient_access hash:/etc/postfix/restricted_addr
>
> internal_only =
>     # they can't relay
>     reject_unauth_destination
>     # they can only be used from mynetworks
>     permit_mynetworks
>     reject
>
> == restricted_addr
> [hidden email]        internal_only
> local.example.org    internal_only
>
>
> if this is not what you want, explain your goal more clearly. it may
> be easier to give examples of what is allowed and what is not. if you
> can formulate the goal in a "mathematical logic" style (if blah and
> blah, then allow. if blah and blah then reject. ...), do that too.

So, I have some users:

[hidden email]
[hidden email]
[hidden email]

in class restricted_users

and I want these users, ONLY these users, able to send and receive mail
to other users on local network and only on @my.domain.com

1 - all users in local network and in domain @my.domain.com can
*send/receive* mail from everywhere.

2 - *restricted_users* DON'T send/receive mails from network except
$mynetworks AND NO *other domains* BUT @my.domain.com

The goal is to restrict *restricted_users* in *local mail only* in
company domain on the LAN area for security reasons.

Sam.





Re: Restrict users to received outside mails

mouss-2
Sam Przyswa wrote:

>
>
> mouss wrote:
>> Sam Przyswa wrote:
>>> Hi,
>>>
>>> How to restrict users to received outside mail (from internet) but
>>> only from the local domain/network ?
>>>
>>
>> If your goal is to restrict few addresses so that:
>>
>> - they can only send mail to your own domains (domains in
>> mydestination, virtual_*_domains and relay_domains).
>>
>> - the addresses can only be used from mynetworks (outsiders may not
>> use the address as sender or recipient)
>>
>> then you can do it like this:
>>
>> smtpd_restriction_classes =
>>     ...
>>     internal_only
>>     ...
>>
>> smtpd_sender_restrictions =
>>     check_sender_access hash:/etc/postfix/restricted_addr
>>     check_recipient_access hash:/etc/postfix/restricted_addr
>>
>> internal_only =
>>     # they can't relay
>>     reject_unauth_destination
>>     # they can only be used from mynetworks
>>     permit_mynetworks
>>     reject
>>
>> == restricted_addr
>> [hidden email]        internal_only
>> local.example.org    internal_only
>>
>>
>> if this is not what you want, explain your goal more clearly. it may
>> be easier to give examples of what is allowed and what is not. if you
>> can formulate the goal in a "mathematical logic" style (if blah and
>> blah, then allow. if blah and blah then reject. ...), do that too.
>
> So, I have some user:
>
> [hidden email]
> [hidden email]
> [hidden email]
>
> in class restricted_users
>
> and I want these user, ONLY these users, able to send and receive mail
> to others users on local network and only on @my.domain.com
>
> 1 - all user in local network and in domain @my.domain.com can
> *send/receive* mail from everywhere.
>
> 2 - *restricted_users* DON'T send/receive mails from network except
> $mynetworks AND NO *others domains* BUT @my.domain.com
>
> The goal is to restrict *restricted_users* in *local mail only* in
> company domain on the LAN area for security reasons.
>


If my understanding is correct, the conf I posted before (the one with
internal_only) matches your needs.

You can put it on a test postfix (or a test smtpd using a specific port)
and see if it's ok for you.
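
Added example, not part of the thread and not Postfix code: a small Python model of how the smtpd_sender_restrictions list with the internal_only class decides a message, written as the allow/reject table asked for above. The network, the domains and all addresses are constructed assumptions (kiosk@example.org stands in for the hidden address), and the table lookup is simplified to full address, then domain.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
MYNETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
OWN_DOMAINS = {"example.org", "local.example.org"}
# Mirrors restricted_addr: one full address key and one domain key.
RESTRICTED_ADDR = {"kiosk@example.org": "internal_only",
                   "local.example.org": "internal_only"}

def lookup(address):
    """Simplified access(5) lookup: full address first, then its domain."""
    address = address.lower()
    domain = address.rsplit("@", 1)[-1]
    return RESTRICTED_ADDR.get(address) or RESTRICTED_ADDR.get(domain)

def internal_only(client_ip, recipient):
    """The internal_only class, evaluated in the order it is listed."""
    if recipient.lower().rsplit("@", 1)[-1] not in OWN_DOMAINS:
        return "REJECT"                       # reject_unauth_destination
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "OK"                           # permit_mynetworks
    return "REJECT"                           # reject

def sender_restrictions(client_ip, sender, recipient):
    """check_sender_access, then check_recipient_access, same table."""
    for address in (sender, recipient):
        if lookup(address) == "internal_only":
            return internal_only(client_ip, recipient)
    return "DUNNO"  # neither address listed: later restriction lists decide

# (client IP, envelope sender, envelope recipient), all constructed.
CASES = [
    ("192.168.1.10", "kiosk@example.org", "alice@example.org"),
    ("192.168.1.10", "kiosk@example.org", "someone@example.net"),
    ("203.0.113.5", "someone@example.net", "kiosk@example.org"),
    ("203.0.113.5", "kiosk@example.org", "alice@example.org"),
    ("192.168.1.10", "alice@example.org", "pc1@local.example.org"),
    ("203.0.113.5", "someone@example.net", "alice@example.org"),
]

def decision_table():
    return [(c, sender_restrictions(*c)) for c in CASES]

if __name__ == "__main__":
    for case, verdict in decision_table():
        print(verdict.ljust(6), *case)
```

An OK here only ends smtpd_sender_restrictions; the relay and recipient restrictions configured elsewhere in main.cf still apply to the message afterwards.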