Off-site mail - blocking

Bretislav Duda b.duda at rubicon.cz
Monday February 19 16:03:54 CET 2001


Hello!
I am trying to set up blocking of selected users from sending mail in
Postfix, following the instructions in the FAQ. I expect that the users
listed in restricted_senders will only be able to send local mail.
Unfortunately, following the FAQ it does not work and mail can still be
sent outside as well.
Is there anyone here for whom this works? This is fairly pressing for me
and I no longer know what else to try. At
http://msgs.securepoint.com/postfix/ I found a mention that it can be done,
but it does not work properly for them either.

Thanks in advance for any constructive advice.

Regards,
Bretislav Duda
__________________________________________





--------------------------------------------------------------
Restricting what users can send mail to off-site destinations

How can I configure Postfix in a way that some users can send mail
to the internet and other users not. The users with no access should
receive a generic bounce message. Please don't discuss whether such
access restrictions are necessary, it was not my decision.

Postfix has support for per-user restrictions.  The restrictions
are implemented by the SMTP server. Thus, users that violate the policy have
their mail rejected by the SMTP server.  Like this:

550 <user@remote>: Access denied

The implementation uses two lookup tables. One table defines what
users are restricted in where they can send mail, and the other
table defines what destinations are local. It is left as an exercise
for the reader to change this into a scheme where only some users
have permission to send mail to off-site destinations, and
where most users are restricted.

The example assumes DB/DBM files, but this could also be done with
LDAP or SQL.

/etc/postfix/main.cf:
        smtpd_recipient_restrictions =
            hash:/etc/postfix/restricted_senders
            ...other stuff...
        smtpd_restriction_classes = local_only
        local_only = check_sender_access hash:/etc/postfix/local_domains, reject

/etc/postfix/restricted_senders:
        foo@domain      local_only
        bar@domain      local_only

/etc/postfix/local_domains:
        this.domain     OK      (matches this.domain and subdomains)
        that.domain     OK      (matches that.domain and subdomains)

Specify dbm instead of hash if your system uses
dbm files instead of db files. To find out what map
types Postfix supports, use the command postconf -m.

The smtpd_restriction_classes verbiage exists so that Postfix can
open /etc/postfix/local_domains.db before entering a chroot
jail, so it is only an artefact of implementation.
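
Added example, not part of the original message or of the Postfix FAQ: a simplified Python model of the two-table policy the FAQ text describes, assuming restricted_senders is consulted with the envelope sender. It compares looking up local_domains with the recipient (check_recipient_access) against looking it up with the sender (check_sender_access, as in the quoted main.cf), where a restricted sender whose own address is in a local domain is accepted for any destination. Addresses and function names are constructed for illustration.

```python
# Simplified model of the two-table policy quoted above; not Postfix code.
# Table contents and addresses are constructed sample data.
RESTRICTED_SENDERS = {"foo@this.domain": "local_only",
                      "bar@this.domain": "local_only"}
LOCAL_DOMAINS = {"this.domain": "OK", "that.domain": "OK"}


def domain_lookup(table, address):
    """Look up the address's domain, then each parent domain (so a key
    also matches its subdomains, as the table comments above state)."""
    labels = address.rsplit("@", 1)[-1].lower().split(".")
    for i in range(len(labels)):
        hit = table.get(".".join(labels[i:]))
        if hit:
            return hit
    return None


def local_only(sender, recipient, lookup):
    """The local_only class: an access lookup in local_domains, then reject.
    lookup="recipient" models check_recipient_access (RCPT TO address),
    lookup="sender" models check_sender_access (MAIL FROM address)."""
    address = recipient if lookup == "recipient" else sender
    if domain_lookup(LOCAL_DOMAINS, address) == "OK":
        return "OK"
    return "550 <%s>: Access denied" % recipient


def rcpt_decision(sender, recipient, lookup="recipient"):
    """Decision for one RCPT TO. DUNNO means the sender is unrestricted
    and the remaining restrictions ("...other stuff...") decide."""
    if RESTRICTED_SENDERS.get(sender.lower()) == "local_only":
        return local_only(sender, recipient, lookup)
    return "DUNNO"


if __name__ == "__main__":
    for lookup in ("recipient", "sender"):
        for rcpt in ("boss@that.domain", "friend@remote.example"):
            print(lookup, rcpt, "->",
                  rcpt_decision("foo@this.domain", rcpt, lookup))
```
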



