On 12/05/2018 06:57 PM, admin (@awib.it) wrote: > I have a group alias (a...@company.com). > (1) Only company.com accounts should be able to send an email to > everybody in that company via a...@company.com.
Do you have a means to identify "some suitable account was used" - as opposed to a trivially forged sender address - *other* than by watching the actual MUA-to-MSA login happen? (E.g., you might impose a requirement that such e-mails be cryptographically *signed* - per S/MIME, DKIM, or whatever method can be verified automatically later on. Or your MSA might not accept e-mail from outside the LAN and you can globally assign trust to all e-mails that come from it.) If not, then grabbing that info on the MSA and somehow forwarding it securely to all@'s final MTA / MDA to base the filtering on is the best you can do. (And ideally, your organization's MSA and MDA reside within one and the same MTA and you'll have a filtering config/API where you already can evaluate *both* parts of the input information - sending account and that it's to be delivered to all@ - at once.) Regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect
smime.p7s
Description: S/MIME Cryptographic Signature
