Hi Pedro,

Do you use Postfix as MTA? Then it should be possible. Actually, you can do quite the same with any other lookup instead of LDAP (I also use one regexp as you can see): http://www.postfix.org/DATABASE_README.html#types
If your user source is e.g. MySQL or Postgres, you can use that, too. Or as the easiest forms in files there are the hash and texthash types.

So if you want to replace my ldap-internal_user_lookup.cf, you could use a file of allowed senders in the following format (type texthash):

[email protected] OK
[email protected] OK

ldap-check_recipient_access.cf is the same, but you should have a list that returns, so like:

[email protected] internal_user_lookup
[email protected] internal_user_lookup

Instead of texthash, it is usually better to use hash. For texthash, you need to reload postfix to make it pick up the changes. For hash, you only need to run postmap on the file (see the doc above).

Best regards,
Christoph

> On 25.01.2019 at 17:24, Pedro Antunes <[email protected]> wrote:
>
> Thanks for your help.
>
> Without LDAP, can I restrict senders?
>
> Is there any config file for this?
>
> Regards,
> Pedro Antunes
>
> From: Christoph Kreutzer <[email protected]>
> Date: Friday, 25 January 2019 at 15:59
> To: "[email protected]" <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: Re: [SOGo] Alias for all mailboxes
>
> Hi,
>
> I implemented something like that in the backend, too. I’m using OpenLDAP.
>
> I have a script (PHP CLI script as part of a Zend Framework management
> frontend) that uses a config file containing some LDAP searches to
> automatically add/remove users to/from groups based on some attributes. That
> part is hard to share, but it shouldn’t be too hard implementing it with some
> Shell script if you are using the LDAP backend, too.
>
> Regarding restrictions:
> As MJ proposed, I handle that in Postfix.
>
> In main.cf, after smtpd_recipient_restrictions and smtpd_data_restrictions,
> there is a section:
> # allow setting action internal_user_lookup to disallow non-listed users as sender
> smtpd_restriction_classes =
>     internal_user_lookup
> internal_user_lookup =
>     check_sender_access ldap:/etc/postfix/ldap-internal_user_lookup.cf,
>     # reject if not successful
>     check_recipient_access regexp:/etc/postfix/regexp-check_recipient_access-reject,
>     reject
>
> ldap-internal_user_lookup.cf looks like this:
> # resolve all mail addresses to OK (for checking of internal users)
> query_filter = (&(|(objectClass=mailGroup)(objectClass=mailRecipient)(objectClass=inetOrgPerson))(|(mail=%s)(mailAlternateAddress=%s)(mailForwardingAddress=%s)(mailRoutingAddress=%s)))
> result_attribute = mail
> result_format = OK
> (LDAP config is missing here)
>
> regexp-check_recipient_access-reject:
> # the same message for all
> /^(.*)$/ 550 5.4.1 Delivery to this mailbox is not permitted for you
>
> You see the point - if the sender address is somewhere in my Directory, the
> LDAP result returns OK - Mail is accepted. Otherwise, it returns no result
> and the second check is performed.
>
> # postmap -q [email protected] ldap:/etc/postfix/ldap-internal_user_lookup.cf
> OK
> # postmap -q [email protected] ldap:/etc/postfix/ldap-internal_user_lookup.cf
> (no result)
> # postmap -q [email protected] regexp:/etc/postfix/regexp-check_recipient_access-reject
> 550 5.4.1 Delivery to this mailbox is not permitted for you
>
> That always returns the 550 so the message will be rejected.
>
>
> But how is internal_user_lookup actually enforced?
> This is how I’ve got it done:
> ldap-check_recipient_access.cf:
> # get recipient policy for a mail group
> query_filter = (&(objectClass=mailGroup)(|(mail=%s)(mailAlternateAddress=%s)))
> result_attribute = mgrpBroadcasterPolicy
>
> main.cf again:
> smtpd_recipient_restrictions =
>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     reject_unlisted_recipient,
>     [...]
>     check_recipient_access ldap:/etc/postfix/ldap-check_recipient_access.cf,
>     reject_unverified_recipient
>
> So, for every incoming mail I make a call to that LDAP search above. If the
> group has the attribute mgrpBroadcasterPolicy set to internal_user_lookup
> (that’s the only value that will be set at the moment, otherwise it won’t
> exist), the defined smtpd_restriction_class is called. Which does what I
> described above.
>
> Hope that helps :-) The postfix docs are actually really good, but it’s
> complex to implement. Sometimes you just need a test setup. I got started
> there, I believe: http://www.postfix.org/LDAP_README.html
>
> Best regards,
> Christoph
>
>
> On 25.01.2019 at 13:09, mj ([email protected]) <[email protected]> wrote:
>
> Hi,
>
> On 1/25/19 3:37 AM, Pedro Antunes ([email protected]) wrote:
>
> Hi,
> How can I create a distribution list (alias) that contains all mailboxes of
> one domain? Is it possible?
> Is it possible to restrict who can send emails to one alias?
>
> We do this in our accounts backend (ldap/AD) by creating a group, give it an
> email address, and add users to it.
>
> Then in sogo.conf we add a specific user source, something like:
>
>
> type = ldap;
> CNFieldName = displayName;
> IDFieldName = cn;
> UIDFieldName = uid;
> baseDN = "CN=Groups,DC=....";
> canAuthenticate = NO;
> bindDN = "cn=sogo-groups,cn=.....";
> bindPassword = ....;
> displayName = "Our groups";
> listRequiresDot = NO;
> MailFieldNames =(mail, otherMailbox, proxyAddresses);
> id = ad-mail-groups;
> isAddressBook = YES;
> port = 389;
> scope = "SUB";
> filter = "(objectClass=group)";
>
> You also need to configure postfix to handle these same groups.
>
> About restrictions: I guess I'd look at the postfix side of things for
> restrictions. But I don't have an answer ready for you.
>
> MJ
> --
> [email protected]
> https://inverse.ca/sogo/lists
--
[email protected]
https://inverse.ca/sogo/lists
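
The file-based variant Christoph describes at the top of this thread, as an added example that is not part of the original messages: it writes the two texthash-format files and walks a sender/recipient pair through the same order as his internal_user_lookup class. The example.org addresses, the file names, the scratch directory and the lookup/decide helpers are assumptions made for illustration; lookup is a plain exact-match stand-in for "postmap -q".

```sh
#!/bin/sh
# Added example: file maps in place of the two LDAP lookups from the thread.
# Addresses and the scratch directory are constructed placeholders.
MAPDIR="${MAPDIR:-$(mktemp -d)}"

write_maps() {
    # Allowed senders (stands in for ldap-internal_user_lookup.cf)
    cat > "$MAPDIR/internal_user_lookup" <<'EOF'
alice@example.org    OK
bob@example.org      OK
EOF
    # Restricted lists (stands in for ldap-check_recipient_access.cf)
    cat > "$MAPDIR/check_recipient_access" <<'EOF'
all@example.org      internal_user_lookup
EOF
}

# lookup FILE KEY: exact-match stand-in for "postmap -q KEY texthash:FILE".
# Prints the right-hand side; non-zero exit status means "no result".
lookup() {
    awk -v k="$2" '
        /^[ \t]*(#|$)/ { next }
        $1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

# decide SENDER RCPT: follows the order of the restriction class in the thread.
decide() {
    # Recipient not in the table: no result, Postfix moves to the next restriction.
    action=$(lookup "$MAPDIR/check_recipient_access" "$2") || { echo "no result"; return 0; }
    [ "$action" = internal_user_lookup ] || { echo "$action"; return 0; }
    # check_sender_access: a listed sender gets OK and the class stops here.
    lookup "$MAPDIR/internal_user_lookup" "$1" && return 0
    # Otherwise the catch-all regexp from the thread answers for everyone else.
    echo "550 5.4.1 Delivery to this mailbox is not permitted for you"
}

# On a real host, with the files under /etc/postfix (paths are assumptions),
# point both lookups in main.cf at hash: maps and rebuild them after each edit:
#   check_sender_access    hash:/etc/postfix/internal_user_lookup
#   check_recipient_access hash:/etc/postfix/check_recipient_access
#   postmap hash:/etc/postfix/internal_user_lookup
#   postmap hash:/etc/postfix/check_recipient_access

write_maps
decide alice@example.org   all@example.org   # listed sender
decide mallory@example.net all@example.org   # unlisted sender
decide mallory@example.net bob@example.org   # unrestricted recipient
```

Any address missing from the sender file is rejected for the restricted list, so the file has to be regenerated whenever mailboxes are added or removed.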
