1

Topic: Restrict user to/from External mail server

======== Required information ====
- iRedMail version: 1.9.0 + IredAdmin-Pro-Ldap
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Debian Squeeze
- Related log if you're reporting an issue:
====

Hi Everyone,

IredAdmin-Pro-LDAP is installed on ourside Version 1.9.0 and iRedmail 0.8.4

We have 35 mail accounts in which only 15 persons should be able to receive and send mail from/to external mail servers on Internet.  The remaining 20 mailboxes will be used to send and receive mail only within the LAN.  They have only 1 domain that will be used.

Could you please tell me how to implement this by using the IredAdmin-pro-Ldap Interface beacause I can't find any thing about it? Or do we need to modify directly the fila main.cf using the following options

smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/restricted_senders


Thanks for your support and help!!!

Shafeek

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Restrict user to/from External mail server

You have to update profiles for those 20 users who cannot send to
or receive from external network.

Let's take user 'user@domain.com' for example. Below are steps to restrict
him not able to sent to or receive from internet.

*) Login to iRedAdmin-Pro.

*) Go to profile page of user 'user@domain.com' (Go to domain list page first,
then click user list page of domain 'domain.com', find user@domain.com,
then click the gear icon to go to profile page.)

*) In user profile page, click tab "White/Blacklist". Screenshot for your
reference: http://iredmail.org/images/iredadmin/us … ctions.png

*) As you can see, there're 4 input fields. Here's what you need to input:

1) Bypass mails from below senders: @domain.com
2) Reject mails from below senders: @. (There's a dot after '@')
3) Bypass mails sent to below recipients: @domain.com
4) Reject mails sent to below recipients: @. (Again, there's a dot after '@')

With above settings, user@domain.com can sent to and receive from
domain.com, but not able to sent to or receive from other domains.

*) Now save the profile.

That's all.

This per-user restrictions is achieved in our Postfix policy server - iRedAPD,
please make sure you have two plugins enabled in iRedAPD config file
/opt/iredapd/settings.py:

*) ldap_amavisd_block_blacklisted_senders
*) ldap_recipient_restrictions

The final setting looks like this:

plugins = ['ldap_maillist_access_policy', 'ldap_amavisd_block_blacklisted_senders', 'ldap_recipient_restrictions']

shafeeks wrote:

Or do we need to modify directly the fila main.cf using the following options

No.

3

Re: Restrict user to/from External mail server

Thanks Zhang.  It works.