From: Alex on
Hi,

I have a Linux server running an older version of postfix and webmail
for users to send mail. Since localhost is trusted in $mynetworks, a
connection from there can send mail to any recipient. Since
squirrelmail connects directly to localhost, any mail that it sends is
authorized. How can I add restrictions on localhost, despite it being
authorized, from sending mail as certain users or to certain
recipients?

Thanks,
Alex

From: Sahil Tandon on
On Sat, 13 Feb 2010, Alex wrote:

> I have a Linux server running an older version of postfix and webmail
> for users to send mail. Since localhost is trusted in $mynetworks, a
> connection from there can send mail to any recipient. Since
> squirrelmail connects directly to localhost, any mail that it sends is
> authorized. How can I add restrictions on localhost, despite it being
> authorized, from sending mail as certain users or to certain
> recipients?

Enforce the restrictions before you permit_mynetworks.

--
Sahil Tandon <sahil(a)tandon.net>
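
One way to write the ordering described in this reply, as an added example that is not from the thread. It assumes the webmail submits over SMTP to 127.0.0.1; the map file names and all addresses are constructed.

```conf
# --- /etc/postfix/main.cf (fragment) ---
# Restrictions are evaluated left to right and the first REJECT or PERMIT
# ends the list, so the access maps must come before permit_mynetworks.
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/webmail_sender_access,
    check_recipient_access hash:/etc/postfix/webmail_recipient_access,
    permit_mynetworks,
    reject_unauth_destination

# Before (weak): permit_mynetworks comes first, so 127.0.0.1 is accepted
# before any later check is reached.
#smtpd_recipient_restrictions =
#    permit_mynetworks,
#    check_sender_access hash:/etc/postfix/webmail_sender_access,
#    reject_unauth_destination

# --- /etc/postfix/webmail_sender_access (constructed entries) ---
# Matched against the envelope sender (MAIL FROM).
intern@example.com        REJECT This account may not send mail
noreply@example.com       REJECT This address is not a valid sender

# --- /etc/postfix/webmail_recipient_access (constructed entries) ---
# Matched against the envelope recipient (RCPT TO). Use only REJECT here:
# an OK result placed before reject_unauth_destination would permit relaying.
all-staff@example.com     REJECT Posting to this list is restricted
example.net               REJECT Mail to this domain is not permitted

# After editing the maps, rebuild them and reload:
#   postmap /etc/postfix/webmail_sender_access
#   postmap /etc/postfix/webmail_recipient_access
#   postfix reload
```

Placed this way, the maps apply to every SMTP client, not only to localhost. The sender check only compares the MAIL FROM value the client supplies, so it does not by itself tie an address to a logged-in webmail user.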

From: /dev/rob0 on
On Sat, Feb 13, 2010 at 11:36:22AM -0500, Alex wrote:
> I have a Linux server running an older version of postfix and
> webmail for users to send mail. Since localhost is trusted in
> $mynetworks, a connection from there can send mail to any
> recipient. Since squirrelmail connects directly to localhost,
> any mail that it sends is authorized.

Squirrelmail might not be connecting to localhost at all. The more
likely default is that it uses sendmail(1) submission. That is an
all-or-nothing proposition; sendmail either takes what a given user
(in this case, your Web server's process UID) gives it, or it takes
nothing at all. See:

http://www.postfix.org/postconf.5.html#authorized_submit_users
http://www.postfix.org/sendmail.1.html

> How can I add restrictions on localhost, despite it being
> authorized, from sending mail as certain users or to certain
> recipients?

It is probable that the eventual solution to whatever problem you
encountered will be found within Squirrelmail, off topic here.

You could force the use of SMTP, and force authentication, and use
restriction classes and smtpd_sender_login_maps. I do not know if
Squirrelmail is capable of per-user AUTH. The Postfix part of it is
documented:

http://www.postfix.org/SASL_README.html
http://www.postfix.org/RESTRICTION_CLASS_README.html
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header