[vchkpw] Re: [SPAM] Re: [vchkpw] Prevent certain users from send emails outside the local domain.
On 06/09/2012 04:44 AM, Pritam D. Gautam wrote:
Dear Amit,
Thank you for pointing in right direction.
However, there are some shortcomings of implementing eMPF, I have
encountered:
Scenario 1: User A has been configured to prevent sending mails to
external domain.
If user A sends mail to internal domain (permitted by policy), with a
copy to external domain (denied by policy), the entire mail is rejected.
This is the behavior that I would expect, although that doesn't
necessarily make it right or proper.
I'll need to think this through before coming up with a suggestion. This
seems similar to another situation where a submission contains one
invalid address out of a bunch, and the message is refused giving the
user no indication of which address is bad. I'm not sure this is the
best way to handle things either.
Scenario 2: Vpopmail has been configured with /defaultdomain/ name in
~vpopmail/etc/defaultdomain file
With defaultdomain configured, it is not mandatory to supply full
emailaddress for authenticating with mailserver resulting in eMPF to
fail and allow all emails.
--
Having said that I have been able to write a workaround for Scenario 2
but living with Scenario 1 currently.
Any help will be appreciated.
Attached is patch I have created for Scenario 2.
HOWTO for Scenario 2:
--
1. Apply patch
2. Configure and export QMAILDEFAULTDOMAIN variable in the run file for
SMTP Server
e.g. export QMAILDEFAULTDOMAIN="@example.com"
Rather than have the default domain hard coded in another location, I
would rather see something like:
defdomfile=/home/vpopmail/etc/defaultdomain
if [ -f "$defdomfile" ]; then
export QMAILDEFAULTDOMAIN=$(cat $defdomfile)
else
export QMAILDEFAULTDOMAIN=""
fi
Also, I'm not a C expert. I wonder what happens with
strcat(remoteinfo,env_get("QMAILDEFAULTDOMAIN"))
when QMAILDEFAULTDOMAIN is not defined. If nothing, that's fine. If it
causes strcat to do something undesired though, then the result of
env_get should be checked before doing the strcat.
Nice work. This fix should probably be included the the stock eMPF code.
Matt?
--
-Eric 'shubes'
!DSPAM:4fd37e6634201363618960!
Re: [vchkpw] Re: [SPAM] Re: [vchkpw] Prevent certain users from send emails outside the local domain.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/08/2012 10:12 AM, Eric Shubert wrote: >> not 100% sure, but I think you can do it via vmoduser and adding -r flag >> to the user. This, however, will require smtp auth usage. >> For more information, look at http://www.qmailwiki.org/Vpopmail#vmoduser >> >> Regards, > > That's an interesting approach. I think you'd want to use the -s flag for the > user, then configure > their email client to not authenticate. Local email would be accepted (for > all domains on the host > though, not strictly inter-domain), and relaying would be rejected. > > I think eMPF (as Amit suggested) is a nicer solution though. It's more > straight forward, and has > more flexibility to control this sort of thing. Not surprising, as that's > what it was created to do. Sorry about all the [SPAM] tags. Not sure how that happened, but we're adjusting things. Anyway, yes, Eric is totally correct, eMPF was written for precisely this purpose. http://www.qmailwiki.org/eMPF has documentation and examples. Thanks! - -- /* Matt BrookingsGnuPG Key 5F3258AD Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP0kcCAAoJEGgfLslfMlitCSwH/jJ1olWF0B8oNfHLXiAJsR5a zkZyGoPYU0yvwcXnnuKpUWGDw32FaQ9CedaRtZNheT5reKO95CS3Zc842R5/0sIl oCjAwNglV3mlo0qH4whG6wRMC68KwSY+t9s3w9QyiWYV5Jq0GxzT90goJKVGldz6 yUGxljECt/VetoyUxWFgbx0MTVblgZS0Gn0TPGGqxwgCI/cBq+8sOdGloD85xwiJ YuT+34F1lWyuqfljeHu+BuQH1eWxQUe2xJDXNS9PQ7OJFT/NoGqpep4kc/+eH2uj DdsznBZo0xmv+jObDfR33jbIPqkxtwueuhGpl+btXes7Ahsq2aE/pOf+/6KmPEM= =V81g -END PGP SIGNATURE-
[vchkpw] Re: [SPAM] Re: [vchkpw] Prevent certain users from send emails outside the local domain.
On 06/08/2012 04:43 AM, Todor Petkov wrote: On 06/08/2012 01:04 PM, Pritam D. Gautam wrote: Hi, I am required to prevent certain users on my Qmail Server from sending emails to outside domain. In my understanding, only IP Addresses can be prevented from relaying! But that's something which does not work in my environment considering we have DHCP setup. Any help will be appreciated. Regards, Hello, not 100% sure, but I think you can do it via vmoduser and adding -r flag to the user. This, however, will require smtp auth usage. For more information, look at http://www.qmailwiki.org/Vpopmail#vmoduser Regards, That's an interesting approach. I think you'd want to use the -s flag for the user, then configure their email client to not authenticate. Local email would be accepted (for all domains on the host though, not strictly inter-domain), and relaying would be rejected. I think eMPF (as Amit suggested) is a nicer solution though. It's more straight forward, and has more flexibility to control this sort of thing. Not surprising, as that's what it was created to do. -- -Eric 'shubes' !DSPAM:4fd2168b34201383016228!
