Transport - Can Postfix do this?


Transport - Can Postfix do this?

Zachary Burns
I've received a strange request from management and I'm determined to make
it work....I'm obviously running Postfix (along with ISPConfig to help
manage it with virtual domains on Ubuntu Linux), here's what they'd like to
do.

1.) Keep existing virtual domains the same (allow sending and receiving to
the outside world as normal)

2.) Create a new virtual domain (xyz.com), but allow only certain domains to
email virtual users in this domain (so traffic from test.com -> [hidden email]
might be allowed, but traffic back to test.com from [hidden email] might be
disallowed).  

Essentially, we'd like to control what comes in and out of our domain (yes I
understand this can be spoofed) and any mail inside this new virtual domain
should be attempted to be delivered to a local virtual user in this domain
otherwise if it's allowed to be delivered outside, then do it.

Does all this make theoretical sense?  Is it possible?

Zack


 



Re: Transport - Can Postfix do this?

Noel Jones-2
On 10/21/2009 10:20 AM, Zachary Burns wrote:

> I've received a strange request from management and I'm determined to make
> it work....I'm obviously running Postfix (along with ISPConfig to help
> manage it with virtual domains on Ubuntu Linux), here's what they'd like to
> do.
>
> 1.) Keep existing virtual domains the same (allow sending and receiving to
> the outside world as normal)
>
> 2.) Create a new virtual domain (xyz.com), but allow only certain domains to
> email virtual users in this domain (so traffic from test.com ->  [hidden email]
> might be allowed, but traffic back to test.com from [hidden email] might be
> disallowed).
>
> Essentially, we'd like to control what comes in and out of our domain (yes I
> understand this can be spoofed) and any mail inside this new virtual domain
> should be attempted to be delivered to a local virtual user in this domain
> otherwise if it's allowed to be delivered outside, then do it.
>
> Does all this make theoretical sense?  Is it possible?
>
> Zack

Simple cases can be controlled using techniques similar to
what's described in
http://www.postfix.org/RESTRICTION_CLASS_README.html

For more complex access controls, you'll need a policy server
such as postfwd or similar that implements access controls.

Note that such controls operate on the envelope sender &
recipient, which may not be the same as the From: To: headers
displayed to the recipient.  To prevent easy spoofing you also
need to require the sender to authenticate, and use
smtpd_sender_login_maps & reject_sender_login_mismatch to
limit spoofing.

   -- Noel Jones
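
A sketch of the policy-server route mentioned in the reply above, added here as an illustration and not part of the original thread or of postfwd: the decision core of a service that Postfix would query through `check_policy_service`. The allow-lists, the `partner.example` domain and all function names are assumptions; mapping a login to the sender addresses it owns is still left to `smtpd_sender_login_maps` and `reject_sender_login_mismatch`.

```python
# Added example: decision core of a Postfix policy-delegation service.
PROTECTED = "xyz.com"              # the new virtual domain from the thread
INBOUND_OK = {"test.com"}          # assumed: sender domains allowed to mail xyz.com
OUTBOUND_OK = {"partner.example"}  # assumed: domains xyz.com users may mail

# Constructed sample request, in the name=value form Postfix sends.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=alice@test.com\n"
    "recipient=bob@xyz.com\n"
    "sasl_username=\n"
    "\n"
)

def parse_request(text):
    """Parse one request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def domain(addr):
    """Lower-cased domain part of an envelope address ('' for the null sender)."""
    return addr.rpartition("@")[2].lower()

def decide(attrs):
    """Return a Postfix access action based on envelope sender and recipient."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    sender = domain(attrs.get("sender", ""))
    rcpt = domain(attrs.get("recipient", ""))
    if sender == PROTECTED:
        # The envelope sender is trivially forged, so insist on a SASL login.
        if not attrs.get("sasl_username"):
            return "REJECT authentication required for this sender domain"
        if rcpt != PROTECTED and rcpt not in OUTBOUND_OK:
            return "REJECT recipient domain not permitted"
        return "DUNNO"
    if rcpt == PROTECTED and sender not in INBOUND_OK:
        return "REJECT sender domain not permitted"  # also hits the null sender
    return "DUNNO"  # everything else falls through to later restrictions

def respond(text):
    """Full reply for one request: action line plus terminating blank line."""
    return "action=%s\n\n" % decide(parse_request(text))
```

As written, bounces (empty envelope sender) addressed to xyz.com are rejected along with every other unlisted sender; the decision is made only on envelope addresses, never on the From: or To: headers.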