On 10/21/2009 10:20 AM, Zachary Burns wrote:
I've received a strange request from management and I'm determined to make
it work....I'm obviously running Postfix (along with ISPConfig to help
manage it with virtual domains on Ubuntu Linux), here's what they'd like to
do.
1.) Keep existing virtual domains the same (allow sending and receiving to
the outside world as normal)
2.) Create a new virtual domain (xyz.com), but allow only certain domains to
email virtual users in this domain (so traffic from test.com -> [email protected]
might be allowed, but traffic back to test.com from [email protected] might be
disallowed).
Essentially, we'd like to control what comes in and out of our domain (yes I
understand this can be spoofed) and any mail inside this new virtual domain
should be attempted to be delivered to a local virtual user in this domain
otherwise if it's allowed to be delivered outside, then do it.
Does all this make theoretical sense? Is it possible?
Zack
Simple cases can be controlled using techniques similar to
what's described in
http://www.postfix.org/RESTRICTION_CLASS_README.html
For more complex access controls, you'll need a policy server
such as postfwd or similar that implements access controls.
Note that such controls operate on the envelope sender &
recipient, which may not be the same as the From: To: headers
displayed to the recipient. To prevent easy spoofing you also
need to require the sender to authenticate, and use
smtpd_sender_login_maps & reject_sender_login_mismatch to
limit spoofing.
-- Noel Jones
