1 Client mail for internal only

Discussion in 'Installation/Configuration' started by Diogo Jesus, Mar 28, 2018.

  1. Diogo Jesus

    Diogo Jesus New Member

    Hello, This might sound weird but I think once I explained myself you will get the idea.
    First of all, I don't know if this is possible (hopefully yes).

    So in our company we use ISP for web + mail server. Everything is working great.

    Today the CEO asked me if we could have a new mail client named [email protected],com.

    But this student mail should only be able to contact other company mails and not the external mails.

    For example:

    [email protected],com -> [email protected],com
    [email protected],com -/-> [email protected],com

    Is this possible? If yes how could I reach this?
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

    There are probably numerous ways to address that, the first that comes to mind is to write a simple postfix policy daemon that checks the addresses and rejects mail from that user to non-company domains; this would cause email from [email protected] to non-company addresses to be rejected in smtp.

    The second is to use sender_dependent_default_transport_maps to force all mail from that user to a transport that only delivers locally (eg. 'dovecot' or 'lmtp:unix:private/dovecot-lmtp' if you use lmtp), though that is untested. This should generate an undeliverable message report which is sent back to [email protected] for every message they send to a non-company address, which may or may not be desirable.

    Probably the simplest way (sorry, this is the order I thought of these, and hence wrote them down) would be to add a new sender access restriction to smtpd_sender_restrictions, eg. try:
    Code:
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, reject_authenticated_sender_login_mismatch, permit_mynetworks, inline:{ [email protected]=reject_unauth_destination }, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    
    Or if you can't use an inline lookup table there (I don't know/remember), just create an external table like:
    Code:
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, reject_authenticated_sender_login_mismatch, permit_mynetworks, check_sender_access text:/etc/postfix/company_sender_access, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    
    Then create /etc/postfix/company_sender_access with:
    Code:
    [email protected]  reject_unauth_destination
    
    You can test that in your live main.cf to get it working, but for such a change to be permanent you will need to create a conf-custom file, eg. see https://www.howtoforge.com/communit...ritten-on-ispconfig-update.66422/#post-316568
     
    Diogo Jesus likes this.
  3. Diogo Jesus

    Diogo Jesus New Member

    Hi,
    thanks for the quick reply in inline option worked like a charm. Thank you
     

Share This Page