I wonder if it's possible to block all but a few specific addresses from sending outgoing emails anywhere other than its own domain. Also, they should still be able to receive incoming messages. Blocking everyone isn't that hard from what I can see, but blocking just a few specific users is a whole different story, it would seem.
1 Answer
It's entirely possible with Postfix restriction classes: you can group users in a table, and then apply certain access patterns (can only send to certain domains, can't send at all, etc.).
A simple example: under smtpd_recipient_restrictions you add a line to check the sender access:
check_sender_access hash:/etc/postfix/sender_access
In the file sender_access you put the email address and the policy applied (it's better to whitelist, since you say a few users, so specifically allow them to send anywhere, then for the others add a larger group, just the domain for example).
/etc/postfix/sender_access:
user1@yourdomain.com all
user2@yourdomain.com all
yourdomain.com local
Then you need to define those classes.
smtpd_restriction_classes = local, all
local = check_recipient_access hash:/etc/postfix/local_dom, reject
all = check_recipient_access regexp:/etc/postfix/all_dom, reject
/etc/postfix/local_dom:
domain1.com OK
domain2.com OK
/etc/postfix/all_dom:
/^.*@.*$/ OK
This isn't perfect (my regex should work), as mail from names are not restricted, and of course, your mail users could also send through another server, but this is one basic way of doing what you ask. You can also substitute the hash tables for SQL, etc.
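
As an added example (not part of the answer above and not Postfix code), the following simplified Python model walks the same tables and restriction classes to show which sender/recipient pairs the policy accepts before it is deployed. The table contents are constructed sample data, the function names are hypothetical, and subdomain matching is left out.

```python
# Simplified model of the restriction-class policy above; not Postfix itself.
# All table contents are constructed sample data.
import re

SENDER_ACCESS = {              # hash:/etc/postfix/sender_access
    "user1@yourdomain.com": "all",
    "user2@yourdomain.com": "all",
    "yourdomain.com": "local",
}
LOCAL_DOM = {"domain1.com": "OK", "domain2.com": "OK"}   # hash:/etc/postfix/local_dom
ALL_DOM = [(re.compile(r"^.*@.*$"), "OK")]               # regexp:/etc/postfix/all_dom

def hash_lookup(table, address):
    """access(5) order for an address: user@domain, then domain, then user@."""
    user, _, domain = address.lower().rpartition("@")
    for key in (f"{user}@{domain}", domain, f"{user}@"):
        if key in table:
            return table[key]
    return None  # no match: evaluation moves on to the next restriction

def regexp_lookup(rules, address):
    """The first matching pattern wins, as in a regexp: table."""
    for pattern, action in rules:
        if pattern.search(address):
            return action
    return None

# smtpd_restriction_classes: each class is an ordered list of restrictions.
CLASSES = {
    "local": [lambda rcpt: hash_lookup(LOCAL_DOM, rcpt), lambda rcpt: "REJECT"],
    "all": [lambda rcpt: regexp_lookup(ALL_DOM, rcpt), lambda rcpt: "REJECT"],
}

def decide(sender, recipient):
    """Return 'OK', 'REJECT', or 'DUNNO' when sender_access has no entry."""
    cls = hash_lookup(SENDER_ACCESS, sender)
    if cls is None:
        return "DUNNO"  # later smtpd_recipient_restrictions entries decide
    for restriction in CLASSES[cls]:
        result = restriction(recipient)
        if result is not None:
            return result
    return "DUNNO"

if __name__ == "__main__":
    for s, r in [("user1@yourdomain.com", "bob@example.org"),
                 ("user3@yourdomain.com", "bob@example.org"),
                 ("user3@yourdomain.com", "amy@domain1.com"),
                 ("carol@example.org", "user3@yourdomain.com")]:
        print(f"{s} -> {r}: {decide(s, r)}")
```

Mail from outside senders returns DUNNO here, so inbound delivery is left to whatever restrictions follow check_sender_access in smtpd_recipient_restrictions.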
