On Tue, Nov 30, 2010 at 07:22:39PM +0100, Jeroen Geilman wrote:
> On 11/30/2010 04:27 PM, Gustavo Villaran wrote:
>> Hi, i just installed postfix on my company and is working fine, now the
>> company management has asked me to
>> implement a group security model that i dont know if i could do it in
>> postfix, it goes like this :
>>
>> 1. We want to have a group of persons that can send and receive emails
>> without restrictions
>
> Add them to a sender whitelist, with appropriate restrictions on the client
> IP (or set up SASL/TLS for "road warriors").
> Make sure to put this whitelist access map in front of any BLACKLISTS you
> use.
>
>> 2. We want to have a group of persons that can send and receive emails but
>> they cannot send attachments ( based on extensions .exe, .pdf,.xls etc)
>
> Probably best done with a policy server.
Policy servers don't see message content. So this is unlikely to be the
right solution. One needs a content filter or milter than applies the
appropriate policy. A sender-dependent internal hop with mime_header_checks
could in theory crudely approximate this, but:
Defining what is or is not an attachment is not as simple as it
seems. In a message with a text/plain and a text/html alternative part
is the text/html an attachment? What about a text/plain and an inline
application/pdf alternative part? What about a multipart/related
HTML body with embedded images?
So the OP needs to get a very precise definition of the problem, and if
possible solve it at the desktop, rather than the SMTP gateway.
--
Viktor.
