Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread Pedro Antunes 
I'm using postfix __

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
check_recipient_access 
proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, 
reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, 
reject_unauth_destination

I think is there that I can restrict.. do you know how I can do it?

Regards,
Pedro Antunes

On 25/01/2019, 19:39, "Pedro Antunes"  wrote:

How I can check it?

I'm using mailcow with dovecote.

Thanks in advance,
Pedro Antunes

On 25/01/2019, 18:13, "Christoph Kreutzer"  
wrote:

Hi Pedro,

Do you use Postfix as MTA? Then it should be possible.
Actually, you can do quite the same with any other lookup instead of 
LDAP (I also use one regexp as you can see):
http://www.postfix.org/DATABASE_README.html#types

If your user source is e.g. MySQL or Postgres, you can use that, too. 
Or as the easiest forms in files there are the hash and texthash types.

So if you want to replace my ldap-internal_user_lookup.cf, you could 
use a file of allowed senders in the following format (type texthash):
us...@example.com OK
us...@example.com OK

ldap-check_recipient_access.cf is the same, but you should have a list 
that returns, so like:
li...@example.com internal_user_lookup
li...@example.com internal_user_lookup

Instead of texthash, it is usually better to use hash. For texthash, 
you need to reload postfix to make it pick up the changes. For hash, you only 
need to run postmap on the file (see the doc above).

Best regards,
Christoph

> Am 25.01.2019 um 17:24 schrieb Pedro Antunes :
> 
> Thanks for your help.
>  
> Without LDAP, I can restrict senders?
>  
> Exists any config file to this?
>  
> Regards,
> Pedro Antunes
>  
> From: Christoph Kreutzer 
> Date: Friday, 25 January 2019 at 15:59
> To: "users@sogo.nu" 
    > Cc: "pantu...@suroot.pt" 
> Subject: Re: [SOGo] Alias for all mailboxes
>  
> Hi,
> 
> I implemented something like that in the backend, too. I’m using 
OpenLDAP.
> 
> I have a script (PHP CLI script as part of a Zend Framework 
management frontend) that uses a config file containing some LDAP searches to 
automatically add/remove users to/from groups based on some attributes. That 
part is hard to share, but it shouldn’t be too hard implementing it with some 
Shell script if you are using the LDAP backend, too.
> 
> Regarding restrictions:
> As MJ proposed, I handle that in Postfix.
> 
> In main.cf, after smtpd_recipient_restrictions and 
smtpd_data_restrictions, there is a section:
> # allow setting action internal_user_lookup to disallow non-listed 
users as sender
> smtpd_restriction_classes =
> internal_user_lookup
> internal_user_lookup =
> check_sender_access 
ldap:/etc/postfix/ldap-internal_user_lookup.cf,
> # reject if not successful
> check_recipient_access 
regexp:/etc/postfix/regexp-check_recipient_access-reject,
> reject
> 
> ldap-internal_user_lookup.cf looks like this:
> # resolve all mail addresses to OK (for checking of internal users)
> query_filter = 
(&(|(objectClass=mailGroup)(objectClass=mailRecipient)(objectClass=inetOrgPerson))(|(mail=%s)(mailAlternateAddress=%s)(mailForwardingAddress=%s)(mailRoutingAddress=%s)))
> result_attribute = mail
> result_format = OK
> (LDAP config is missing here)
> 
> regexp-check_recipient_access-reject:
> # the same message for all
> /^(.*)$/550 5.4.1 Delivery to this mailbox is not permitted 
for you
> 
> You see the point - if the sender address is somewhere in my 
Directory, the LDAP result returns OK - Mail is accepted. Otherwise, it returns 
no result and the second check is performed.
> 
> # postmap -q kreutzer.christ...@yesthatsmymail.com 
ldap:/etc/postfix/ldap-internal_user_lookup.cf
> OK
> # postmap -q kreutzer.christ...@example.com 
ldap:/etc/postfix/ldap-internal_user_lookup.cf
> (no result)
> # postmap -q kreutzer.christ...@example.com 
regexp:/etc/postfix/regexp-check_recipient_access-reject 
> 550 5.4.1 Delivery to this mailbox is not permitted for you
> 
> That always returns the 550 so the message will be rejected.
> 
> 
> But how

Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread Pedro Antunes 
How I can check it?

I'm using mailcow with dovecote.

Thanks in advance,
Pedro Antunes

On 25/01/2019, 18:13, "Christoph Kreutzer"  
wrote:

Hi Pedro,

Do you use Postfix as MTA? Then it should be possible.
Actually, you can do quite the same with any other lookup instead of LDAP 
(I also use one regexp as you can see):
http://www.postfix.org/DATABASE_README.html#types

If your user source is e.g. MySQL or Postgres, you can use that, too. Or as 
the easiest forms in files there are the hash and texthash types.

So if you want to replace my ldap-internal_user_lookup.cf, you could use a 
file of allowed senders in the following format (type texthash):
us...@example.com OK
us...@example.com OK

ldap-check_recipient_access.cf is the same, but you should have a list that 
returns, so like:
li...@example.com internal_user_lookup
li...@example.com internal_user_lookup

Instead of texthash, it is usually better to use hash. For texthash, you 
need to reload postfix to make it pick up the changes. For hash, you only need 
to run postmap on the file (see the doc above).

Best regards,
Christoph

> Am 25.01.2019 um 17:24 schrieb Pedro Antunes :
> 
> Thanks for your help.
>  
> Without LDAP, I can restrict senders?
>  
> Exists any config file to this?
>  
> Regards,
> Pedro Antunes
>  
> From: Christoph Kreutzer 
> Date: Friday, 25 January 2019 at 15:59
> To: "users@sogo.nu" 
    > Cc: "pantu...@suroot.pt" 
> Subject: Re: [SOGo] Alias for all mailboxes
>  
> Hi,
> 
> I implemented something like that in the backend, too. I’m using OpenLDAP.
> 
> I have a script (PHP CLI script as part of a Zend Framework management 
frontend) that uses a config file containing some LDAP searches to 
automatically add/remove users to/from groups based on some attributes. That 
part is hard to share, but it shouldn’t be too hard implementing it with some 
Shell script if you are using the LDAP backend, too.
> 
> Regarding restrictions:
> As MJ proposed, I handle that in Postfix.
> 
> In main.cf, after smtpd_recipient_restrictions and 
smtpd_data_restrictions, there is a section:
> # allow setting action internal_user_lookup to disallow non-listed users 
as sender
> smtpd_restriction_classes =
> internal_user_lookup
> internal_user_lookup =
> check_sender_access ldap:/etc/postfix/ldap-internal_user_lookup.cf,
> # reject if not successful
> check_recipient_access 
regexp:/etc/postfix/regexp-check_recipient_access-reject,
> reject
> 
> ldap-internal_user_lookup.cf looks like this:
> # resolve all mail addresses to OK (for checking of internal users)
> query_filter = 
(&(|(objectClass=mailGroup)(objectClass=mailRecipient)(objectClass=inetOrgPerson))(|(mail=%s)(mailAlternateAddress=%s)(mailForwardingAddress=%s)(mailRoutingAddress=%s)))
> result_attribute = mail
> result_format = OK
> (LDAP config is missing here)
> 
> regexp-check_recipient_access-reject:
> # the same message for all
> /^(.*)$/550 5.4.1 Delivery to this mailbox is not permitted for 
you
> 
> You see the point - if the sender address is somewhere in my Directory, 
the LDAP result returns OK - Mail is accepted. Otherwise, it returns no result 
and the second check is performed.
> 
> # postmap -q kreutzer.christ...@yesthatsmymail.com 
ldap:/etc/postfix/ldap-internal_user_lookup.cf
> OK
> # postmap -q kreutzer.christ...@example.com 
ldap:/etc/postfix/ldap-internal_user_lookup.cf
> (no result)
> # postmap -q kreutzer.christ...@example.com 
regexp:/etc/postfix/regexp-check_recipient_access-reject 
> 550 5.4.1 Delivery to this mailbox is not permitted for you
> 
> That always returns the 550 so the message will be rejected.
> 
> 
> But how is internal_user_lookup actually enforced? This is how I’ve got 
it done:
> ldap-check_recipient_access.cf:
> # get recipient policy for a mail group
> query_filter = 
(&(objectClass=mailGroup)(|(mail=%s)(mailAlternateAddress=%s)))
> result_attribute = mgrpBroadcasterPolicy
> 
> main.cf again:
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> reject_unlisted_recipient,
> [...]
> check_recipient_access 
ldap:/etc/postfix/ldap-check_recipient_access.cf,
> reject_unverified_recipient
> 
> So, for every incoming mail I make a call to that LDAP search above. If 
the group has the attribute mgrpBroadcasterPolicy set to

Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread Christoph Kreutzer 
Hi Pedro,

Do you use Postfix as MTA? Then it should be possible.
Actually, you can do quite the same with any other lookup instead of LDAP (I 
also use one regexp as you can see):
http://www.postfix.org/DATABASE_README.html#types

If your user source is e.g. MySQL or Postgres, you can use that, too. Or as the 
easiest forms in files there are the hash and texthash types.

So if you want to replace my ldap-internal_user_lookup.cf, you could use a file 
of allowed senders in the following format (type texthash):
us...@example.com OK
us...@example.com OK

ldap-check_recipient_access.cf is the same, but you should have a list that 
returns, so like:
li...@example.com internal_user_lookup
li...@example.com internal_user_lookup

Instead of texthash, it is usually better to use hash. For texthash, you need 
to reload postfix to make it pick up the changes. For hash, you only need to 
run postmap on the file (see the doc above).

Best regards,
Christoph

> Am 25.01.2019 um 17:24 schrieb Pedro Antunes :
> 
> Thanks for your help.
>  
> Without LDAP, I can restrict senders?
>  
> Exists any config file to this?
>  
> Regards,
> Pedro Antunes
>  
> From: Christoph Kreutzer 
> Date: Friday, 25 January 2019 at 15:59
> To: "users@sogo.nu" 
> Cc: "pantu...@suroot.pt" 
> Subject: Re: [SOGo] Alias for all mailboxes
>  
> Hi,
> 
> I implemented something like that in the backend, too. I’m using OpenLDAP.
> 
> I have a script (PHP CLI script as part of a Zend Framework management 
> frontend) that uses a config file containing some LDAP searches to 
> automatically add/remove users to/from groups based on some attributes. That 
> part is hard to share, but it shouldn’t be too hard implementing it with some 
> Shell script if you are using the LDAP backend, too.
> 
> Regarding restrictions:
> As MJ proposed, I handle that in Postfix.
> 
> In main.cf, after smtpd_recipient_restrictions and smtpd_data_restrictions, 
> there is a section:
> # allow setting action internal_user_lookup to disallow non-listed users as 
> sender
> smtpd_restriction_classes =
> internal_user_lookup
> internal_user_lookup =
> check_sender_access ldap:/etc/postfix/ldap-internal_user_lookup.cf,
> # reject if not successful
> check_recipient_access 
> regexp:/etc/postfix/regexp-check_recipient_access-reject,
> reject
> 
> ldap-internal_user_lookup.cf looks like this:
> # resolve all mail addresses to OK (for checking of internal users)
> query_filter = 
> (&(|(objectClass=mailGroup)(objectClass=mailRecipient)(objectClass=inetOrgPerson))(|(mail=%s)(mailAlternateAddress=%s)(mailForwardingAddress=%s)(mailRoutingAddress=%s)))
> result_attribute = mail
> result_format = OK
> (LDAP config is missing here)
> 
> regexp-check_recipient_access-reject:
> # the same message for all
> /^(.*)$/550 5.4.1 Delivery to this mailbox is not permitted for you
> 
> You see the point - if the sender address is somewhere in my Directory, the 
> LDAP result returns OK - Mail is accepted. Otherwise, it returns no result 
> and the second check is performed.
> 
> # postmap -q kreutzer.christ...@yesthatsmymail.com 
> ldap:/etc/postfix/ldap-internal_user_lookup.cf
> OK
> # postmap -q kreutzer.christ...@example.com 
> ldap:/etc/postfix/ldap-internal_user_lookup.cf
> (no result)
> # postmap -q kreutzer.christ...@example.com 
> regexp:/etc/postfix/regexp-check_recipient_access-reject 
> 550 5.4.1 Delivery to this mailbox is not permitted for you
> 
> That always returns the 550 so the message will be rejected.
> 
> 
> But how is internal_user_lookup actually enforced? This is how I’ve got it 
> done:
> ldap-check_recipient_access.cf:
> # get recipient policy for a mail group
> query_filter = (&(objectClass=mailGroup)(|(mail=%s)(mailAlternateAddress=%s)))
> result_attribute = mgrpBroadcasterPolicy
> 
> main.cf again:
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> reject_unlisted_recipient,
> [...]
> check_recipient_access ldap:/etc/postfix/ldap-check_recipient_access.cf,
> reject_unverified_recipient
> 
> So, for every incoming mail I make a call to that LDAP search above. If the 
> group has the attribute mgrpBroadcasterPolicy set to internal_user_lookup 
> (that’s the only value that will be set at the moment, otherwise it won’t 
> exist), the defined smtpd_restriction_class is called. Which does what I 
> described above.
> 
> Hope that helps :-) The postfix docs are actually really good, but it’s 
> complex to implement. Sometimes you just need a test setup. I got started 
> there, I believe: http://www.postfix.org/LDAP_README.html
>  
> Best regards,
&g

Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread Gordon Messmer 

On 1/25/19 5:00 AM, Pedro Antunes" (pantu...@suroot.pt) wrote:

Ok. One more question.. It's possible restrict one alias to one sender?



The method will depend on which MTA you're using.  The most generic way 
is probably to use a mailing list instead of an alias.  Aliases 
typically don't have any business rules or logic associated with them.  
GNU Mailman can restrict senders.  Qmail or Courier MTA systems can use 
dot-qmail or dot-courier files and implement the check in a shell script.


--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread Pedro Antunes 
Thanks for your help.

Without LDAP, I can restrict senders?

Exists any config file to this?

Regards,
Pedro Antunes

From: Christoph Kreutzer 
Date: Friday, 25 January 2019 at 15:59
To: "users@sogo.nu" 
Cc: "pantu...@suroot.pt" 
Subject: Re: [SOGo] Alias for all mailboxes

Hi,

I implemented something like that in the backend, too. I’m using OpenLDAP.

I have a script (PHP CLI script as part of a Zend Framework management 
frontend) that uses a config file containing some LDAP searches to 
automatically add/remove users to/from groups based on some attributes. That 
part is hard to share, but it shouldn’t be too hard implementing it with some 
Shell script if you are using the LDAP backend, too.

Regarding restrictions:
As MJ proposed, I handle that in Postfix.

In main.cf, after smtpd_recipient_restrictions and smtpd_data_restrictions, 
there is a section:
# allow setting action internal_user_lookup to disallow non-listed users as 
sender
smtpd_restriction_classes =
internal_user_lookup
internal_user_lookup =
check_sender_access ldap:/etc/postfix/ldap-internal_user_lookup.cf,
# reject if not successful
check_recipient_access 
regexp:/etc/postfix/regexp-check_recipient_access-reject,
reject

ldap-internal_user_lookup.cf looks like this:
# resolve all mail addresses to OK (for checking of internal users)
query_filter = 
(&(|(objectClass=mailGroup)(objectClass=mailRecipient)(objectClass=inetOrgPerson))(|(mail=%s)(mailAlternateAddress=%s)(mailForwardingAddress=%s)(mailRoutingAddress=%s)))
result_attribute = mail
result_format = OK
(LDAP config is missing here)

regexp-check_recipient_access-reject:
# the same message for all
/^(.*)$/550 5.4.1 Delivery to this mailbox is not permitted for you

You see the point - if the sender address is somewhere in my Directory, the 
LDAP result returns OK - Mail is accepted. Otherwise, it returns no result and 
the second check is performed.

# postmap -q 
kreutzer.christ...@yesthatsmymail.com<mailto:kreutzer.christ...@yesthatsmymail.com>
 ldap:/etc/postfix/ldap-internal_user_lookup.cf
OK
# postmap -q 
kreutzer.christ...@example.com<mailto:kreutzer.christ...@example.com> 
ldap:/etc/postfix/ldap-internal_user_lookup.cf
(no result)
# postmap -q 
kreutzer.christ...@example.com<mailto:kreutzer.christ...@example.com> 
regexp:/etc/postfix/regexp-check_recipient_access-reject
550 5.4.1 Delivery to this mailbox is not permitted for you

That always returns the 550 so the message will be rejected.


But how is internal_user_lookup actually enforced? This is how I’ve got it done:
ldap-check_recipient_access.cf:
# get recipient policy for a mail group
query_filter = (&(objectClass=mailGroup)(|(mail=%s)(mailAlternateAddress=%s)))
result_attribute = mgrpBroadcasterPolicy

main.cf again:
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
[...]
check_recipient_access ldap:/etc/postfix/ldap-check_recipient_access.cf,
reject_unverified_recipient

So, for every incoming mail I make a call to that LDAP search above. If the 
group has the attribute mgrpBroadcasterPolicy set to internal_user_lookup 
(that’s the only value that will be set at the moment, otherwise it won’t 
exist), the defined smtpd_restriction_class is called. Which does what I 
described above.

Hope that helps :-) The postfix docs are actually really good, but it’s complex 
to implement. Sometimes you just need a test setup. I got started there, I 
believe: http://www.postfix.org/LDAP_README.html

Best regards,
Christoph


Am 25.01.2019 um 13:09 schrieb mj 
(li...@merit.unu.edu<mailto:li...@merit.unu.edu>) 
mailto:users@sogo.nu>>:

Hi,

On 1/25/19 3:37 AM, Pedro Antunes 
(pantu...@suroot.pt<mailto:pantu...@suroot.pt>) wrote:

Hi,
how i can create an distribution list (alias) that contain all mailboxes of one 
domain? its possible?
It’s possible restrict who can send emails to one alias?

We do this in our accounts backend (ldap/AD) by creating a group, give it an 
email address, and add users to it.

Then in sogo.conf we add a specific user source, something like:


   type = ldap;
   CNFieldName = displayName;
   IDFieldName = cn;
   UIDFieldName = uid;
   baseDN = "CN=Groups,DC=";
   canAuthenticate = NO;
   bindDN = "cn=sogo-groups,cn=.";
   bindPassword = ;
   displayName = "Our groups";
   listRequiresDot = NO;
   MailFieldNames =(mail, otherMailbox, proxyAddresses);
   id = ad-mail-groups;
   isAddressBook = YES;
   port = 389;
   scope = "SUB";
   filter = "(objectClass=group)";

You also need to configure postfix to handle these same groups.

About restrictions: I guess I'd look at the postfix side of things for 
restrictions. But I don't have an answer ready for you.

MJ
--
users@sogo.nu<mailto:users@sogo.nu>
https://inverse.ca/sogo/lists

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread Christoph Kreutzer 
Hi,

I implemented something like that in the backend, too. I’m using OpenLDAP.

I have a script (PHP CLI script as part of a Zend Framework management 
frontend) that uses a config file containing some LDAP searches to 
automatically add/remove users to/from groups based on some attributes. That 
part is hard to share, but it shouldn’t be too hard implementing it with some 
Shell script if you are using the LDAP backend, too.

Regarding restrictions:
As MJ proposed, I handle that in Postfix.

In main.cf, after smtpd_recipient_restrictions and smtpd_data_restrictions, 
there is a section:
# allow setting action internal_user_lookup to disallow non-listed users as 
sender
smtpd_restriction_classes =
internal_user_lookup
internal_user_lookup =
check_sender_access ldap:/etc/postfix/ldap-internal_user_lookup.cf,
# reject if not successful
check_recipient_access 
regexp:/etc/postfix/regexp-check_recipient_access-reject,
reject

ldap-internal_user_lookup.cf looks like this:
# resolve all mail addresses to OK (for checking of internal users)
query_filter = 
(&(|(objectClass=mailGroup)(objectClass=mailRecipient)(objectClass=inetOrgPerson))(|(mail=%s)(mailAlternateAddress=%s)(mailForwardingAddress=%s)(mailRoutingAddress=%s)))
result_attribute = mail
result_format = OK
(LDAP config is missing here)

regexp-check_recipient_access-reject:
# the same message for all
/^(.*)$/550 5.4.1 Delivery to this mailbox is not permitted for you

You see the point - if the sender address is somewhere in my Directory, the 
LDAP result returns OK - Mail is accepted. Otherwise, it returns no result and 
the second check is performed.

# postmap -q kreutzer.christ...@yesthatsmymail.com 
ldap:/etc/postfix/ldap-internal_user_lookup.cf
OK
# postmap -q kreutzer.christ...@example.com 
ldap:/etc/postfix/ldap-internal_user_lookup.cf
(no result)
# postmap -q kreutzer.christ...@example.com 
regexp:/etc/postfix/regexp-check_recipient_access-reject 
550 5.4.1 Delivery to this mailbox is not permitted for you

That always returns the 550 so the message will be rejected.


But how is internal_user_lookup actually enforced? This is how I’ve got it done:
ldap-check_recipient_access.cf:
# get recipient policy for a mail group
query_filter = (&(objectClass=mailGroup)(|(mail=%s)(mailAlternateAddress=%s)))
result_attribute = mgrpBroadcasterPolicy

main.cf again:
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
[...]
check_recipient_access ldap:/etc/postfix/ldap-check_recipient_access.cf,
reject_unverified_recipient

So, for every incoming mail I make a call to that LDAP search above. If the 
group has the attribute mgrpBroadcasterPolicy set to internal_user_lookup 
(that’s the only value that will be set at the moment, otherwise it won’t 
exist), the defined smtpd_restriction_class is called. Which does what I 
described above.

Hope that helps :-) The postfix docs are actually really good, but it’s complex 
to implement. Sometimes you just need a test setup. I got started there, I 
believe: http://www.postfix.org/LDAP_README.html 


Best regards,
Christoph

> Am 25.01.2019 um 13:09 schrieb mj (li...@merit.unu.edu) :
> 
> Hi,
> 
> On 1/25/19 3:37 AM, Pedro Antunes (pantu...@suroot.pt) wrote:
>> Hi,
>> how i can create an distribution list (alias) that contain all mailboxes of 
>> one domain? its possible?
>> It’s possible restrict who can send emails to one alias?
> 
> We do this in our accounts backend (ldap/AD) by creating a group, give it an 
> email address, and add users to it.
> 
> Then in sogo.conf we add a specific user source, something like:
> 
>>type = ldap;
>>CNFieldName = displayName;
>>IDFieldName = cn;
>>UIDFieldName = uid;
>>baseDN = "CN=Groups,DC=";
>>canAuthenticate = NO;
>>bindDN = "cn=sogo-groups,cn=.";
>>bindPassword = ;
>>displayName = "Our groups";
>>listRequiresDot = NO;
>>MailFieldNames =(mail, otherMailbox, proxyAddresses);
>>id = ad-mail-groups;
>>isAddressBook = YES;
>>port = 389;
>>scope = "SUB";
>>filter = "(objectClass=group)";
> 
> You also need to configure postfix to handle these same groups.
> 
> About restrictions: I guess I'd look at the postfix side of things for 
> restrictions. But I don't have an answer ready for you.
> 
> MJ
> -- 
> users@sogo.nu
> https://inverse.ca/sogo/lists

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread mj 

Hi,

On 1/25/19 3:37 AM, Pedro Antunes (pantu...@suroot.pt) wrote:

Hi,

how i can create an distribution list (alias) that contain all mailboxes 
of one domain? its possible?


It’s possible restrict who can send emails to one alias?



We do this in our accounts backend (ldap/AD) by creating a group, give 
it an email address, and add users to it.


Then in sogo.conf we add a specific user source, something like:


type = ldap;
CNFieldName = displayName;
IDFieldName = cn;
UIDFieldName = uid;
baseDN = "CN=Groups,DC=";
canAuthenticate = NO;
bindDN = "cn=sogo-groups,cn=.";
bindPassword = ;
displayName = "Our groups";
listRequiresDot = NO;
MailFieldNames =(mail, otherMailbox, proxyAddresses);
id = ad-mail-groups;
isAddressBook = YES;
port = 389;
scope = "SUB";
filter = "(objectClass=group)";


You also need to configure postfix to handle these same groups.

About restrictions: I guess I'd look at the postfix side of things for 
restrictions. But I don't have an answer ready for you.


MJ
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread Pedro Antunes 
Ok. One more question.. It's possible restrict one alias to one sender?


Example: One alias only receive emails from an specific email address. 

Regards,
Pedro Antunes

On 25/01/2019, 12:57, "users-requ...@sogo.nu on behalf of Christian Mack" 
 wrote:

Hello

Am 25.01.19 um 03:37 schrieb Pedro Antunes (pantu...@suroot.pt):
> 
> how i can create an distribution list (alias) that contain all mailboxes 
of one domain? its possible?
> It’s possible restrict who can send emails to one alias?
> 

There is no function who does that in SOGo.
You could create an distribution list, that consists of all possible
addresses, but you would need to create that manually and keep it up to
date manually.
Perhaps you could generate and add it per script.

Distribution lists are per address book.
Whoever can read that address book can use that distribution list.

Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416


-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Alias for all mailboxes

2019-01-25 Thread Christian Mack 
Hello

Am 25.01.19 um 03:37 schrieb Pedro Antunes (pantu...@suroot.pt):
> 
> how i can create an distribution list (alias) that contain all mailboxes of 
> one domain? its possible?
> It’s possible restrict who can send emails to one alias?
> 

There is no function who does that in SOGo.
You could create an distribution list, that consists of all possible
addresses, but you would need to create that manually and keep it up to
date manually.
Perhaps you could generate and add it per script.

Distribution lists are per address book.
Whoever can read that address book can use that distribution list.

Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416



smime.p7s
Description: S/MIME Cryptographic Signature