1

Topic: Limit only specified domain to send mail

==== Required information ====
- iRedMail version (check /etc/iredmail-release): v2.2.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: Redhat7
- Related log if you're reporting an issue:
====

Hi,

We have an IT policy coming into effect soon for our mail server, under which mail going out of the server must have a sender within the local network, e.g. mydomain.com or *.mydomain.com. We don't want our internal users to mock up another "identity" to send mail out. I did a Google search, and so far changing smtpd_sender_restrictions could make this happen:

smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/sender.access, reject_sender_login_mismatch, permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain

sender.access
!/mydomain.com/  REJECT     <--- not allow all domain except mydomain.com

I know smtpd_sender_restrictions checks against "MAIL FROM". I found it is not feasible, as it not only blocks our senders' outgoing mail that does not use mydomain.com but also blocks ALL incoming email not from mydomain.com, which is not what we want. We want to control the outgoing email's identity (MAIL FROM).

I have tried to use the whitelist/blacklist in iRedAdmin-PRO; it looks like it only checks incoming mail? Do you have any resolution for this?


2

Re: Limit only specified domain to send mail

1) For incoming emails, you can use white/blacklist and manage them with iRedAdmin-Pro.
2) For outgoing emails,

2.1) For OpenLDAP backend, we have iRedAPD plugin 'ldap_recipient_restrictions.py' for per-user throttling for outgoing emails, no per-domain throttling yet.

2.2) For SQL backends, we have iRedAPD plugin 'sql_user_restrictions.py' for per-user throttling for outgoing emails, no per-domain throttling yet.

Since this feature was requested by some users in this forum, I'm afraid that I should combine and improve these 2 plugins. Would you like to help test?

3

Re: Limit only specified domain to send mail

Thanks Huangbin, I can help test this feature soon. Please let me know.

4

Re: Limit only specified domain to send mail

Working on this new plugin, will update here later.
You can track the progress here:
https://bitbucket.org/zhb/iredapd/commits

The idea is dropping plugins:

- ldap_amavisd_block_blacklisted_senders.py
- ldap_recipient_restrictions.py
- sql_user_restrictions.py

And improve plugin `amavisd_wblist` to handle it.

WARNING: a new table (outbound_wblist) in Amavisd SQL database is required.

5

Re: Limit only specified domain to send mail

UPDATE: Improved plugin 'amavisd_wblist'; it now supports checking wblist for both inbound and outbound messages. Still need to test whether it correctly checks wblist in the specified order (different priorities).

6

Re: Limit only specified domain to send mail

UPDATE: Plugin 'amavisd_wblist' works fine for both inbound and outbound messages, tested on @iredmail.org.

7

Re: Limit only specified domain to send mail

You can now manage white/blacklists for both inbound/outbound messages with upcoming iRedAdmin-Pro:

http://www.iredmail.org/images/iredadmin/system_wblist.png

8

Re: Limit only specified domain to send mail

Thanks Huangbin,
This means if I am going to allow only w.cn domain sender, I need to do something like this (as whitelist has higher priority than blacklist)?
whitelist sender    blacklist sender
w.cn                    @.

9

Re: Limit only specified domain to send mail

taylorke wrote:

allow only w.cn domain sender ...
whitelist sender    blacklist sender
w.cn                    @.

Correct.
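
The rule confirmed in this thread (a whitelist entry outranks the `@.` catch-all blacklist entry, applied to outbound mail only), as an added Python example that is not part of the original posts and is not iRedAPD's own code. It assumes Amavisd-style lookup keys for the list entries and treats a policy request with `sasl_username` set as outbound; the function names and sample data are constructed for illustration.

```python
# Added example (not iRedAPD code). Entry formats assumed to follow Amavisd
# lookup keys: user@domain, @domain, @.domain (domain + subdomains), @. (all).

def candidate_keys(sender):
    """Return every wblist key that covers `sender`, most specific first."""
    sender = sender.strip().lower()
    local, sep, domain = sender.rpartition("@")
    if not (sep and local and domain):
        return ["@."]  # null or malformed sender: only the catch-all applies
    labels = domain.split(".")
    keys = [sender, "@" + domain]
    # user@mail.w.cn also yields '@.mail.w.cn', '@.w.cn', '@.cn'
    keys += ["@." + ".".join(labels[i:]) for i in range(len(labels))]
    return keys + ["@."]

def parse_request(text):
    """Parse the name=value lines of a Postfix policy delegation request."""
    lines = (l.strip() for l in text.strip().splitlines())
    return dict(l.split("=", 1) for l in lines if "=" in l)

def check_outbound(request, whitelist, blacklist):
    """Return a policy action: 'DUNNO' (no opinion) or 'REJECT <text>'."""
    # Assumption: a non-empty sasl_username marks an outbound submission,
    # so inbound mail from other domains is never touched by this rule.
    if not request.get("sasl_username"):
        return "DUNNO"
    keys = candidate_keys(request.get("sender", ""))
    if any(k in whitelist for k in keys):  # whitelist outranks blacklist
        return "DUNNO"  # not OK, so later restrictions still run
    if any(k in blacklist for k in keys):
        return "REJECT Sender address not permitted for outbound mail"
    return "DUNNO"

# Constructed sample data: allow only w.cn senders, as in the thread.
WHITELIST = {"@w.cn"}
BLACKLIST = {"@."}
SAMPLE_REQUEST = """
request=smtpd_access_policy
protocol_state=RCPT
sender=billing@example.com
sasl_username=alice@w.cn
"""

if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req["sender"], "->", check_outbound(req, WHITELIST, BLACKLIST))
```

With these key formats, senders on subdomains such as mail.w.cn pass only if the whitelist also holds `@.w.cn`; `@w.cn` alone covers the exact domain.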