Bijan Soleymani wrote: > Bijan Soleymani wrote: >> Alessandro Vesely wrote: >>> Gordon Messmer wrote: >>>> On 11/06/2009 02:50 AM, Alexander Erameh wrote: >>>>> Is there a way to restrict some local users to sending local Mails >>>>> only? That is they cannot send external Mails. >>>> You could always write your own policy by using the courierfilter >>>> interface.
>>> Besides implementation concerns, how practical would it be to use >>> SMTP AUTH for delivering? For example, rather than SPF-whitelist a >>> number of forwarders, it is possible to give them userid/pass with a >>> very restrictive policy, for better control. Has anybody tried? >> This is a good point. If courier supports PAM (which I think it does) >> then you could use a module to check if the user that is trying to send >> mail is in a "sendmail" group and only allow access for those users. It's easier with virtual users, as one can add attributes at will for the purpose of describing local policies. > Actually I guess that wouldn't work unless courier had some local > program to send mail. Since you can't really determine the user's uid, > if he is connecting to courier on port 25 or whatever. Virtual users share the same uid. Senders who don't authenticate get standard filtering and no relaying privileges. External senders who wish to be whitelisted from filtering would have to register in order to obtain that. (Automating such registrations implies further implementation concerns, that I still leave aside.) In this scenario, the policy may be even more restrictive than that for anonymous port-25 senders, as it should only allow the subset of local recipients that are interested in that particular whitelisted forwarding. > I guess you could write a program to send mail (using SMTP auth) and > only allow users from a certain group to access it, but that wouldn't be > that secure. Users with terminal access can always telnet to external hosts using whatever program they like. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
