Hi Peter,

Let me see if I understood your plan. You say that, in order to disable the RELAYCLIENT to just some accounts, and this way, setting them as partially** internal-only, I should:

** remember that just by disabling the RELAYCLIENT variable the account could still receive external e-mail. They just can't send e-mail to external accounts. If so, this configuration still doesn't fully implement the internal-only accounts feature I'm
       looking for

1 - Disable the pop-before-smtp scheme by recompiling vpopmail.
   ( OR disable it just to a specific domain by
   running "vmoduser -r domainname". ),
   AND Remove the RELAYCLIENT variable for the whole network,
   AND Enable the SMTP-AUTH scheme on the qmail server,
   AND configure "full" accounts (not internal-only) to authenticate via


2 - Enable the pop-before-smtp scheme for everybody in the domain,
   AND Remove the RELAYCLIENT variable for the whole network,
AND selectively disable the pop-before-smtp capability of the internal-only
   accounts by running a "vmoduser -r [EMAIL PROTECTED]" for
   each internal-only account.

Is this what you planned?

I agree that both strategies are much better than putting a lot of IP addresses in the beginning of tcp.smtp file, and I also agree that just by disabling a user from sending e-mail to external accounts will force him to not use his work e-mail to contact his external friends, once he'll never be able the answer their messages. But there's a possibility for him to receive external e-mail, and I don't want this leak opened.

So this is not what I'm looking for yet.

More ideas?

Bruno Negrao - Network Manager
Engepel Teleinformática. 55-31-34812311
Belo Horizonte, MG, Brazil

Reply via email to