Le 30/01/2011 22:31, Daniel Bromberg a écrit :
> Hi,
>
> I've recently started using postfix several weeks ago to run my e-mail
> services. Using spamassassin/spamd, greylists/SQLgrey, several RBLs,
> multiple domains, virtual users against MySQL tables in multiple
> domains, so somewhat knowledgeable, but mostly not.
>
> One of the companies I administrate has a policy that users submitting
> outgoing mail via submission/SSL/465 can only use the server to submit
> 'MAIL FROM:' their SASL authenticated username, so they cannot do
> non-company business as a different e-mail identity through the server.
>
> This is turning out to be harder than I thought however.
>
> A. IIUC, check_sender_access applies to all mail received, whether
> intended for local delivery via smtp/unencrypted/25 or intended for
> outbound relaying via submission/SSL/465.
>
In addition to Noel's answer, maybe you can also use something like this:
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/our_sender
reject_unauth_destination
== our_sender:
example.com OK
.example.com OK
with this, no relay is allowed for addresses not of the form
*@example.com or *@*.example.com. so your users can use an external
address but only if sending to domains that your postfix delivers or
relays mail to.
if this is not enough, ovberride smtpd restrictions in master.cf:
smtps ...
-o smtpd_sender_restrictions=${smtps_sender_restrictions}
and in main.cf, define
smtps_sender_restrictions =
check_sender_access hash:/etc/postfix/our_sender
reject
As Noel said, this only controls the envelope sender, not headers if you
want to also check the headers, you need to define a specific cleanup
service, say cleanout, set it as the cleanup service for smtps, and
configure it to use a specific header_checks map which would have
something like
if /^From:/
/@example\.com($|\b)/ dunno
/./ reject blah blah
endif
of course, users can trick this. for example:
From: "joe (@example.com!again)" <[email protected]>
> B. writing a content filter to be appended to the submission line in
> master.cf (say a perl script) that scans the e-mail for the 'From:'
> line, then does a MySQL query against my virtual table, (then exits with
> some kind of code indicating the mail should be rejected??), seems an
> awful lot of work relative to the simple goal. Also how would the perl
> script know the SASL authenticated ID? Maybe an environment variable
> gets created?
>
> C. Starting a second instance of postfix so that I can have a distinct
> check_sender_access ruleset just for submission/465 mail seems highly
> wasteful of resources. Plus, as a 2-month-old Postfix admin, I feel like
> the complexity and chance of getting something very wrong is just very
> high, what with ensuring I have separate directories for all the right
> things.
>
> Someone set me straight?
>
> Thanks,
> -Daniel
>
