Hi Peter,
Let me see if I understood your plan. You say that, in order to disable the
RELAYCLIENT to just some accounts, and this way, setting them as
partially** internal-only, I should:
** remember that just by disabling the RELAYCLIENT variable the
account could
still receive external e-mail. They just can't send e-mail to
external accounts. If so,
this configuration still doesn't fully implement the internal-only
accounts feature I'm
looking for
1 - Disable the pop-before-smtp scheme by recompiling vpopmail.
( OR disable it just to a specific domain by
running "vmoduser -r domainname". ),
AND Remove the RELAYCLIENT variable for the whole network,
AND Enable the SMTP-AUTH scheme on the qmail server,
AND configure "full" accounts (not internal-only) to authenticate via
SMTP-AUTH.
OR
2 - Enable the pop-before-smtp scheme for everybody in the domain,
AND Remove the RELAYCLIENT variable for the whole network,
AND selectively disable the pop-before-smtp capability of the
internal-only
accounts by running a "vmoduser -r [EMAIL PROTECTED]" for
each internal-only account.
Is this what you planned?
I agree that both strategies are much better than putting a lot of IP
addresses in the beginning of tcp.smtp file, and I also agree that just by
disabling a user from sending e-mail to external accounts will force him to
not use his work e-mail to contact his external friends, once he'll never
be able the answer their messages. But there's a possibility for him to
receive external e-mail, and I don't want this leak opened.
So this is not what I'm looking for yet.
More ideas?
regards,
-------------------------------------------------
Bruno Negrao - Network Manager
Engepel Teleinformática. 55-31-34812311
Belo Horizonte, MG, Brazil
