1 Topic by crashdoom

  • crashdoom
  • Member
  • Offline
  • Registered: 2013-08-23
  • Posts: 2

Topic: Block out-of-domain email for certain users

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
======== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Debian 7.0
- Related log if you're reporting an issue: N/A
====

Hey,

I'm wondering if it's possible to block outbound email for some users in my domain if they are prefixed with "trn_", so they can still send emails within the domain but cannot send anything outside it.

Regards,
Crashdoom

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Block out-of-domain email for certain users

Try either one:

1) iRedAPD (our postfix policy server) has plugin "sql_user_restrictions " for this kind of restriction. What you need to do is enabling this plugin in iRedAPD (/opt/iredapd/settings.py), then updating SQL records of these users (trn_*) with proper restrictions. Let's take user 'trn_1@domain.com' for example:

mysql> USE vmail;
mysql> UPDATE mailbox SET allowedrecipients='@domain.com', rejectedrecipients='@.' WHERE username='trn_1@domain.com';

That's all. It means user 'trn_1@' cannot sent email to others except domain 'domain.com'. You can find valid value of those columns in plugin source file (/opt/iredapd/plugins/sql_user_restrictions.py).

2) Write a simple plugin for iRedAPD to check sender/recipient address, reject if not sent to same domain. It should be really simple, i guess you can get it done with 20 lines. Sample plugin: https://bitbucket.org/zhb/iredapd/src/d … at=default

3 Reply by crashdoom

  • crashdoom
  • Member
  • Offline
  • Registered: 2013-08-23
  • Posts: 2

Re: Block out-of-domain email for certain users

ZhangHuangbin wrote:

Try either one:

1) iRedAPD (our postfix policy server) has plugin "sql_user_restrictions " for this kind of restriction. What you need to do is enabling this plugin in iRedAPD (/opt/iredapd/settings.py), then updating SQL records of these users (trn_*) with proper restrictions. Let's take user 'trn_1@domain.com' for example:

mysql> USE vmail;
mysql> UPDATE mailbox SET allowedrecipients='@domain.com', rejectedrecipients='@.' WHERE username='trn_1@domain.com';

That's all. It means user 'trn_1@' cannot sent email to others except domain 'domain.com'. You can find valid value of those columns in plugin source file (/opt/iredapd/plugins/sql_user_restrictions.py).

2) Write a simple plugin for iRedAPD to check sender/recipient address, reject if not sent to same domain. It should be really simple, i guess you can get it done with 20 lines. Sample plugin: https://bitbucket.org/zhb/iredapd/src/d … at=default

Thanks, and a last question. Is it possible to add additional headers based on addresses? For example, with an alias of  "int.allstaff@example.com", is it possible for any emails sent to that email to have the reply-to being the alias email instead of the sender?

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Block out-of-domain email for certain users

You're looking for feature implemented in mailing list management tool like Mailman.

Postfix "header_checks" can add addition headers, but i don't think it can be done with header_checks in your case, because Postfix expands alias address to its members before delivery.
http://www.postfix.org/header_checks.5.html

iRedAPD cannot do this.