On Mon, 22 May 2000, Ed Woodson wrote:
> I have been scanning the list archives for hours, trying to figure out how I
> can accomplish this:
>
> I have a qmail server up and running perfectly, doing selective relaying for
> our internal network only. I would like to further limit this for selected
> users, if possible. My ultimate goal is to have two classes of users, one
> class which can use qmail for both "external" and "internal" mail, and
> another class which is limited to "internal" mail only.
>
> Please correct me if I am wrong, but it appears that my choices are:
>
> 1) selectively relay based upon IP address
> 2) control relaying by envelope sender (using the "relaymailfrom" patch)
>
> Is it possible to combine the two? For example, can I allow relaying from
> my own network only with (1), and also use the "relaymailfrom" patch to
> restrict this _further_ to messages with a certain envelope sender?
>
> I know that (2) is closer to what I am trying to do, but it seems to add to
> those allowed to relay, not to further restrict it. Also, I know that it is
> easy for a user to forge the envelope sender, but I am not worried about
> that (as long as I can still be assured it is coming from our local
> network).
>
> Please tell me if I am overlooking something obvious
>
i have never tried this, but if you are using secure workstations
eg. Windows NT or Linux or any other multi-user OS then you might be able
to install ident daemons on them. in the hosts.allow you can add username
lookups to allow relaying. i'm not sure if this is possible with
tcpserver.
i'm sure that there's a better way and i'll wait for it too!
