Dylan Martin wrote:
Hi everyone. I'm thinking of a kind of unusual setup and I was hoping
for pointers. I want to set up a gateway to limit email outbound.
I've found lots of documents about limiting inbound, but not much on
limiting outbound. Here's my story.
I'm a sysadmin at a community college. I have a number of web servers
and lots of users who write incompetent CGI mail forms. After having
two of my servers blacklisted as spam relays, I wised up and blocked
SMTP outbound at the firewall. I allow email to the district email
server (not run by me), again with simple port block/allow rules on
the firewall. Student email is hosted on Google Apps. If I allow
uninspected SMTP to Google's email servers I'll still be a nice target
for spammers. I also have a few other email addresses I'd like to
send email to, like my cell phone's SMS email address etc...
So, I want to set up an outbound only SMTP gateway which only allows email to
1) the student email domain (seattlecentral.edu)
2) other addresses I specify
Very easy, just something like:
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/allowed_recipients
    reject
and list all valid recipients (or recipient domains) in the
allowed recipients file.
# allowed_recipients
seattlecentral.edu OK
u...@example.com OK
...
It might be useful to limit seattlecentral.edu mail to valid
recipients, by replacing the OK above with
"reject_unverified_recipient, OK"
See:
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
3) possibly other things I haven't thought of yet
and I also want to drop any attempts to send millions of emails, in
case I screw up the by-address filters.
Generally, quotas require an external policy service, such as
policyd.
-- Noel Jones
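
Added example, not part of the original thread and not policyd's code: a sketch of the decision logic an external policy service could apply for the quota mentioned above, using the Postfix policy delegation format (name=value lines ended by an empty line, answered with an action= line). The limit, the window, the function names and the choice to count per client_address are assumptions, and the sample request is constructed.

```python
import sys
import time
from collections import defaultdict, deque

LIMIT = 100     # assumed quota: recipients per client per window
WINDOW = 3600   # assumed window length, seconds
seen = defaultdict(deque)  # client_address -> times of counted RCPT TOs

def parse_request(text):
    """Parse one request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(attrs, now=None, limit=LIMIT, window=WINDOW):
    """Return the reply for one request; DUNNO passes to the next restriction."""
    now = time.time() if now is None else now
    if attrs.get("protocol_state") != "RCPT":
        return "action=DUNNO\n\n"
    times = seen[attrs.get("client_address", "unknown")]
    while times and times[0] <= now - window:
        times.popleft()          # forget attempts older than the window
    if len(times) >= limit:
        return "action=DEFER_IF_PERMIT Outbound rate limit exceeded\n\n"
    times.append(now)
    return "action=DUNNO\n\n"

# Constructed sample request, in the attribute format Postfix sends.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=www@web1.example.edu\n"
          "recipient=student@seattlecentral.edu\n\n")

if __name__ == "__main__":
    block = []
    for line in sys.stdin:       # one process serves requests sequentially
        if line.strip():
            block.append(line)
            continue
        sys.stdout.write(decide(parse_request("".join(block))))
        sys.stdout.flush()
        block = []
```

Postfix would consult such a service through check_policy_service, listed ahead of check_recipient_access so that rejected attempts are counted too. Counters held in memory like this are only accurate when a single service process handles all requests.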