Thanks rob0, no need to beat me down with the access comment - I simply meant using REJECT within the access file. I have gone over the restriction class readme as well but didnt find an implementation, I am a somewhat new postfix user but able to learn.
Yes, my users are untrustworthy and on their own subnet. Ill keep reading and searching for a method. Appreciations. On Thu, Jun 20, 2013 at 5:18 PM, /dev/rob0 <r...@gmx.co.uk> wrote: > On Thu, Jun 20, 2013 at 12:23:19PM -0400, linuxknight wrote: > > Greetings, I am attempting to limit specific local users from > > sending mail to ALL addresses except members of my management team. > > > > Basically I want our sales agents to be able to receive important > > emails/bulletins from management, but only be able to reply to and > > send email to the members of management. > > IMO, this sounds like you're trying to solve a political problem > using technical means. > > > Initially I figured I would just block their ability to send > > altogether with /etc/postfix/access > > What is /etc/postfix/access? It has no magical, universal meaning > across all of Postfixland. There are many different types of > access(5) lookups which can be done. If you don't understand this, > your chances of solving this problem are poor. This might be a > starting point: > > http://www.postfix.org/SMTPD_ACCESS_README.html > > > but then decided it would be nice to give them the > > ability to email management if necessary. If there are no other > > solutions, I will probably just defer to the latter. > > > > I have postfix setup so they cant send to or receive email from > > the outside world, I just want to limit WHO they can send email > > TO within the company. Unfortunately many of my staff would abuse > > the privilege if I allowed them to email anyone internally. > > You probably already have these untrustworthy staff (!) on an > isolated and restricted subnet, right? (If not, there may be other > political problems you need to address.) It would be simple to > present clients from that subnet (via a check_client_access lookup) > with a check_recipient_access lookup. > > Another idea using sender addresses is here: > > http://www.postfix.org/RESTRICTION_CLASS_README.html#external > > But in that case you will also need to force authentication and > maintain smtpd_sender_login_maps. This might be more work than you > will wish to commit to for an untrustworthy staff, which probably > also means high turnover rates. > > RESTRICTION_CLASS_README.html has the basics you need in either case. > -- > http://rob0.nodns4.us/ -- system administration and consulting > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: >
