This feature is very good.

Today, I make a local-only domain for the users that can't receive mail
from the Internet, and put all users that can send mail to the Internet in
/var/qmail/control/relaymailfrom. This works fine, but has a lot of
security problems.

Best Regards

Renato

Bruno Negrão wrote:

A new idea occurred to me now.

Qmail-ldap would smoothly implement this feature if it was added as a
new functionality to qmail-verify (the process invoked by qmail-smtpd
to check out things inside the directory).

Just like SENDERCHECK and RCPTCHECK, qmail-smtpd could receive a, say,
MAILCLASSCHECK that would trigger qmail-verify to check inside the
directory what permissions the involved local user account has.

With the use of a new user attribute, mailClass (as suggested by
Fernando M.), qmail-verify could tell qmail-smtpd whether that message
was allowed or denied to pass.

The mailClass attribute would accept 3 values:
- interNet => receives/sends only from/to Internet
- intraNet => receives/sends only from/to Internal mail
- all      => receives/sends from/to Internet and Internal mail

For me this would be a very clean implementation of this feature by
qmail-ldap.

What do you think about it? Any drawback?

Regards,
-------------------------------------------------
Bruno Negrao - Network Manager
Engepel Teleinformática. 55-31-34812311
Belo Horizonte, MG, Brazil
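
The decision the proposed check would have to make, as an added example that is not part of the original messages or of qmail-ldap. mailClass and its three values come from the proposal; the function names, the in-memory table standing in for the LDAP lookup, the example.test domain and the deny-by-default handling of a missing or unknown value are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

enum peer { PEER_INTERNAL, PEER_INTERNET };

/* Constructed stand-in for the directory: address -> mailClass value. */
struct entry { const char *mail; const char *mailclass; };
static const struct entry directory[] = {
    { "alice@example.test", "all"      },
    { "bob@example.test",   "intraNet" },
    { "carol@example.test", "interNet" },
    { "dave@example.test",  NULL       },   /* attribute not set */
};
static const char local_domain[] = "example.test";   /* constructed */

static int is_local(const char *addr) {
    const char *at = strrchr(addr, '@');
    return at != NULL && strcasecmp(at + 1, local_domain) == 0;
}

/* Returns the mailClass of a local address, or NULL if none is set. */
static const char *lookup_mailclass(const char *addr) {
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (strcasecmp(directory[i].mail, addr) == 0)
            return directory[i].mailclass;
    return NULL;
}

/* 1 = allowed, 0 = denied. Missing or unknown values deny (assumption). */
static int class_allows(const char *mailclass, enum peer peer) {
    if (mailclass == NULL) return 0;
    if (strcasecmp(mailclass, "all") == 0) return 1;
    if (strcasecmp(mailclass, "intraNet") == 0) return peer == PEER_INTERNAL;
    if (strcasecmp(mailclass, "interNet") == 0) return peer == PEER_INTERNET;
    return 0;
}

/* Checks every local party of one sender/recipient pair against its class. */
int mailclass_check(const char *sender, const char *rcpt) {
    int s_local = is_local(sender), r_local = is_local(rcpt);
    if (s_local && !class_allows(lookup_mailclass(sender),
                                 r_local ? PEER_INTERNAL : PEER_INTERNET))
        return 0;
    if (r_local && !class_allows(lookup_mailclass(rcpt),
                                 s_local ? PEER_INTERNAL : PEER_INTERNET))
        return 0;
    return 1;
}
```

The null envelope sender used by bounces has no domain and is treated as an Internet peer here. The envelope sender is whatever the client supplies in MAIL FROM, so the sender-side branch only constrains clients whose sender address has been authenticated.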
