Hi there,

I have a real scenario that I'm not sure how to solve.

For local clients on the same machine that Postfix resides on, I want them to be restricted to the particular virtual domains that they have access to. This is a sample:

User one (UID/GID 500) has 2 virtual domains: domain1.com & domain2.com

I want to restrict this user one with UID 500 to be able to send email only from those two domains. Remember, this is not SASL authenticated; it is local sendmail delivery, and if the user uses programming techniques or Mutt he can forge the return-path (actual from) and of course the From fields.

SMTPD_RESTRICTIONS_* cannot be used, as local to local delivery does not pass the SMTPD daemon, and local to external overlaps with other users, so no particular restriction can be applied per userid.

I tried to use a dedicated cleanup, assigned to a pre-cleanup name in master.cnf, and utilize a header check searching for (userid). The problems are that two things must be checked:

A) the userid from the first Received line matching the server's details; a user can put in forged Received lines, but it is cleaned up, so no problem
B) does that userid have access to the domain it used in the From fields

Cons: it requires utilizing PCRE/REGEX + hash altogether, which I think is not possible. A nested PCRE/REGEX can be used, which is messy and too much in case of so many users, and against cleanup policies, as it should not be used for deep content inspection.

Something like smtpd_recipient_restrictions would be great but with hash capability; however, for local deliveries it is missing.

Local to local deliveries can be solved somewhat using procmail or pop or maildrop, but the most important stuff is local to external deliveries; people on the same host can easily forge their other mates' emails without limiting them to their domains.

Does anybody have such an issue, to apply such a restriction, per userid / per domain access control? Am I missing something obvious there?

I thought SMTPD_POLICY could be used; there are two problems: local deliveries don't pass that (can be circumvented by making all local deliveries pass an SMTPD daemon using master.cnf), but the SECOND problem is that the system userid is not reported in SMTP policies!! Even headers are not passed, which is required for this task.

I know postdrop (sendmail) & maildrop have an ACCESS CONTROL directive that can be used, which is authorized_submit_users, and by default it is set to static:anyone. The problem is I want to restrict a user to a particular domain, and that domain is virtual.

Any help? Or do I have to modify the source code of sendmail, postdrop & maildrop!!!

Thanks
Sincerely,
Kia P.
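
The two checks described in the message above (A: userid from the first Received line, B: that userid's allowed domains), written out as an added example that is not part of the original post and not Postfix code. It shows the decision logic only, not how it would be hooked into mail flow; the UID-to-domain map, host names and sample messages are constructed assumptions, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed mapping (assumption): system UID -> virtual domains it may send from.
ALLOWED_DOMAINS = {500: {"domain1.com", "domain2.com"}}

# Postfix stamps locally submitted mail with "(Postfix, from userid N)".
USERID_RE = re.compile(r"\(Postfix, from userid (\d+)\)")

def domain_of(address):
    """Return the lower-cased domain of an address, or None if it has none."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def check_submission(raw_message, envelope_sender):
    """Return (allowed, reason) for one locally submitted message."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received", [])
    # Check A: only the topmost Received line is used; lower ones may be user-supplied.
    match = USERID_RE.search(received[0]) if received else None
    if not match:
        return False, "no local userid in first Received line"
    uid = int(match.group(1))
    allowed = ALLOWED_DOMAINS.get(uid, set())
    # Check B: envelope sender (Return-Path) and From header must both
    # fall inside the domains assigned to that UID.
    for label, value in (("envelope sender", envelope_sender),
                         ("From header", msg.get("From", ""))):
        dom = domain_of(value)
        if dom not in allowed:
            return False, f"uid {uid} may not use {label} domain {dom}"
    return True, f"uid {uid} ok"

def sample(uid, from_addr):
    """Build a constructed sample message with a forged second Received line."""
    return (f"Received: by mail.example.net (Postfix, from userid {uid})\n"
            "\tid 4A1B2C3D5E; Mon,  1 Jan 2024 10:00:00 +0000 (UTC)\n"
            "Received: by other.example.net (Postfix, from userid 0)\n"
            f"From: {from_addr}\nTo: bob@example.org\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    print(check_submission(sample(500, "Alice <alice@domain1.com>"), "alice@domain1.com"))
    print(check_submission(sample(500, "Boss <boss@domain3.com>"), "alice@domain1.com"))
    print(check_submission(sample(500, "alice@domain2.com"), "boss@domain3.com"))
```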