Re: How can I restrict some specific users from sending email to external domains?

Mon, 27 May 2013 14:29:15 -0700 

* Benny Pedersen <m...@junc.eu>:
> Bogdan Enache skrev den 2013-05-27 21:38:
> 
> >How should I define the restrictions so other users will not be
> >affected by this restriction, and where should I put them in the
> >config?

You need to catch the sender address and route it into a dedicated filter
ruleset. Here's how you do it:

The check_sender_access restriction below triggers the lookup to catch the
sender:

smtpd_recipient_restrictions = 
        ...
        check_sender_access hash:/etc/postfix/internal_senders
        permit_mynetworks
        reject_unauth_destination
        ...

In the map you list the senders that should be re-routed to the dedicated
filter ruleset:

# /etc/postfix/internal_senders
restric...@example.com          internal_only

The rule above says to route restric...@example.com to a ruleset called
"internal_only". You need to define it, before you can add rules to it:

smtpd_restriction_classes = 
        internal_only

Now you can create the restriction class "internal_only" and add rules. They
are executed top to bottom - first match wins:

internal_only = 
        check_recipient_access hash:/etc/postfix/internal_domains
        reject

In the map /etc/postfix/internal_domains you list all recipient domains the
sender should be permitted to send to. When you say "OK" you tell Postfix to
permit the senders request (send a message):

# /etc/postfix/internal_domains
example.com                     OK
example.org                     OK

If the recipient domain is not in /etc/postfix/internal_domains Postfix will
look for the next rule. In "internal_only" I wrote "reject". This is a static
action, which always is true if Postfix tests it. It gives you what you want.
Either the recipient domain is on /etc/postfix/internal_domains or the request
action (send a message) will be rejected.

> this is solved with postfwd, but its possible to learn more with
> postfix :)

Less tools rulez. ;)

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Reply via email to