Restricting an Email Address to Specific Senders
From Zanecorpwiki
The idea is to create a new class of mail, and then restrict that class so that only certain senders are allowed. In this example, we'll create a group email address that only allows group members to send to the address.
First, let's go to the postfix config directory:
cd /etc/postfix
Next, we create the file used to mark the incoming address, '/etc/postfix/teamclass':
#used to classify email to the 'team' address
team@somedomain.com teamclass
Now save the file, and create the db version for postfix:
postmap hash:teamclass
You should now see a 'teamclass.db' file in the /etc/postfix directory. Next, we want to create the valid senders list. We'll put this in '/etc/postfix/teamclass_senders':
john@somedomain.com OK
john@alternatedomain.com OK
bill@somedomain.com OK
advisor@externaldomain.com OK
gooddomain.com OK
In this example, we're expecting that john might send email from two addresses, and we allow anything from 'gooddomain.com'. Now, we create the db file for this list:
postmap hash:teamclass_senders
Now, let's configure postfix. The first step is to get our incoming mail to team properly classified. In /etc/postfix/main.cf, search for 'smtpd_recipient_restrictions'. You should find something like this:
smtpd_recipient_restrictions = permit_tls_clientcerts, permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination
The tests may be on separate lines rather than separated by commas; either is valid syntax. Your list may not be quite the same, but you really should have 'reject_unauth_destination'. Restrictions are evaluated in order, so a client accepted by one of the earlier permit_* entries skips everything after it. Before 'reject_unauth_destination', add the entry referring to the 'teamclass' file, which causes incoming mail to the team address to get classified as such:
smtpd_recipient_restrictions = permit_tls_clientcerts, permit_sasl_authenticated, permit_mynetworks, check_recipient_access hash:/etc/postfix/teamclass, reject_unauth_destination
Now, you need to define handling for the team class:
#Stuff to limit the senders to 'team' to members of team; see http://www.zanecorp.com/wiki/index.php/Restricting_an_Email_Address_to_Specific_Senders
smtpd_restriction_classes = teamclass
#pass sender address for 'teamclass' mail to the sender check (which lists valid senders); if it doesn't match that, reject
teamclass = check_sender_access hash:/etc/postfix/teamclass_senders, reject
Now, we need to set up the group alias. Refer to the link for details, but for a quick and dirty setup, add something like this to the 'virtual' file:
team@somedomain.com john@somedomain.com, bill@somedomain.com, advisor@externaldomain.com
And rebuild the virtual file:
postmap hash:virtual
Now we reload postfix (syntax for this may vary slightly):
/etc/init.d/postfix reload
tail /var/log/mail #check that postfix reloaded okay and we made no syntax errors
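To see which messages the finished configuration accepts, the decision for one recipient can be traced offline with the small model below. It is an added example, not part of the original page and not Postfix code; the function names and the trusted_client flag are assumptions, and the lookup order is a simplification of access(5) that ignores address extensions.

```python
# Constructed model of the page's lookups; not Postfix code.
# Tables mirror the text files above (Postfix folds lookup keys to lower case).
TEAMCLASS = {"team@somedomain.com": "teamclass"}
TEAMCLASS_SENDERS = {
    "john@somedomain.com": "OK",
    "john@alternatedomain.com": "OK",
    "bill@somedomain.com": "OK",
    "advisor@externaldomain.com": "OK",
    "gooddomain.com": "OK",
}
# teamclass = check_sender_access hash:/etc/postfix/teamclass_senders, reject
CLASSES = {"teamclass": [("check_sender_access", TEAMCLASS_SENDERS), ("reject", None)]}


def address_keys(addr):
    """Keys tried for an address: user@domain, domain, parent domains, user@."""
    addr = addr.lower()
    if "@" not in addr:
        return [addr]
    local, domain = addr.rsplit("@", 1)
    labels = domain.split(".")
    # Parent domains are tried under the default parent_domain_matches_subdomains.
    parents = [".".join(labels[i:]) for i in range(1, len(labels))]
    return [addr, domain] + parents + [local + "@"]


def lookup(table, addr):
    """Return the first table value that matches one of the address keys."""
    return next((table[k] for k in address_keys(addr) if k in table), None)


def team_decision(sender, recipient, trusted_client=False):
    """Outcome for one RCPT TO: 'permit', 'reject', or 'dunno' (next restriction)."""
    # permit_tls_clientcerts, permit_sasl_authenticated and permit_mynetworks are
    # listed first, so a client they accept never reaches the class lookup.
    if trusted_client:  # hypothetical flag standing in for those three checks
        return "permit"
    cls = lookup(TEAMCLASS, recipient)
    if cls is None:
        return "dunno"  # not the team address: reject_unauth_destination is next
    for step, table in CLASSES[cls]:
        if step == "reject":
            return "reject"
        # 'sender' is the envelope sender (MAIL FROM), a value the client supplies.
        if lookup(table, sender) == "OK":
            return "permit"
    return "dunno"
```

Calling team_decision("x@mail.gooddomain.com", "team@somedomain.com") returns "permit", because the 'gooddomain.com' entry also covers subdomains under the default settings.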
Thanks to http://www.topology.org/linux/postfix_virtual2.html#hazards.


