postfix限制特定用户收发邮件的高级访问控制方法
2007-11-08 00:25
387 查看
原贴:http://www.5dmail.net/html/2007-3-14/2007314195005.htm
Hello!
I have the same problem:
1. I need to permit some internal users (not all) to send mail to any
external user (Internet)
2. I need to permite any external user to send mail to some my internal
users (not all)
In fact, the problem is: just "some" of my internal users have permission to
receive mail from and send mail to the Internet.
How can I solve this?
View this article only
新闻群组:mailing.postfix.users
日期:2002-12-04 15:18:04 PST
In the example below, the same list of restricted_users is used for
controlling both who can send and who can receive internet mail. If you
don't require the local_plus feature, just leave that part out.
in main.cf:
use restriction classes to make restricted_users file more readable.
smtpd_restriction_classes = local_only, local_plus
local_only =
reject_unauth_destination
permit_mynetworks
reject
local_plus =
check_recipient_access hash:/etc/postfix/local_plus
check_sender_access hash:/etc/postfix/local_plus
reject_unauth_destination
permit_mynetworks
reject
this is the default setting, required for this setup.
smtpd_delay_reject = yes
we'll do this in sender restrictions to avoid open relay problems.
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/restricted_users
check_recipient_access hash:/etc/postfix/restricted_users
and in /etc/postfix/restricted_users
# /etc/postfix/restricted_users
# this file contains a list of users only allowed to send and receive local
mail
# postmap this file after changes
# local users not listed here have no restrictions
user1@miodemi.com local_only
user2@miodemi.com local_plus
and in /etc/postfix/local_plus:
# /etc/postfix/local_plus
# this file contains allowed destinations and senders
# for users restricted to local_plus
# postmap this file after changes
miproveedor.com OK
Remember to "postmap local_plus" and "postmap restricted_users" after
making changes to them.
Remember to run "postfix reload" after changing main.cf
1) smtpd_restriction_classes = local_only
设置一个限制类别叫local_only,然后参考access(5)的格式做一个访问控制:
文件my_rcpt内容:
然后,设置:
mysender内容:
这样凡是Mail from:
按这个方法,还可以设置更多的类别,例如remote_only以及不限制的帐号等。但这些都只对from:限制。而且不管是否SASL后的。所以有一定缺陷。不过,已经达到目的了。
2)使用snapshot版的policy策略
根据某个hash表或配置文件,判断对应的sender和recipient是否匹配,匹配就返回OK或者DUNNO或者RELAY等(可能RELAY已经过时,这个是postfix 1.1.x的)如果不匹配就返回错误代码
按postfix所带的smtpd-policy.pl模式,修改一下就可以使用了。详细参考POLICY_README等。
我自己的例子:
1)定义类send2hrall:
smtpd_restriction_classes = send2hrall
send2hrall =
check_sender_access mysql:/usr/local/etc/postfix/mysql-send2hrall.cf,reject
配置文件 send2hrall.cf内容如下:
hosts = localhost
user = mailuser
password = mailpasswd
dbname = maildatabase
query = select access from mysql-send2hrall where source = '%s'
2)对发给hrall@mydomain.com.cn的发件人进行审核:
smtpd_sender_restrictions =中添加:
check_recipient_access hash:/usr/local/etc/postfix/hrallclass
在/usr/local/etc/postfix目录下建立该文件
# ee /usr/local/etc/postfix/hrallclass
# postmap /usr/local/etc/postfix/hrallclass(会生成hrallclass.db)
文件/usr/local/etc/postfix/hrallclass内容如下:
hrall@mydomain.com.cn send2hrall
3)设定数据表mysql-send2hrall记录哪些人可以给hrall@mydomain.com.cn发送邮件
数据库中建立表mysql-send2hrall中使用的表,
表结构如下:
CREATE TABLE `mysql_send2hrall` (
`id` int(11) unsigned NOT NULL auto_increment,
`ctime` int(11) unsigned default NULL,
`source` varchar(128) NOT NULL default '',
`access` varchar(16) NOT NULL default '',
`type` char(1) NOT NULL default 'S',
PRIMARY KEY (`id`),
KEY `source` (`source`,`type`,`access`,`ctime`)
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=gb2312;
对应数据格式如下
source access
oksender@mydomain.com.cn OK
oksender@otherdomain.com OK
过程大概如下:
在smtp发送邮件的时候,通过 check_recipient_access 中获知:hrall@mydomain.com.cn该邮件接收的时候需要根据类send2hrall核查,而该类中定义了发件人核查的需求,从数据库表中获取此需求的具体结果。譬如上例中,如果发件人是oksender@mydomain.com.cn,获取的结果就为ok,这样smtp将此人发给hrall@mydomain.com.cn的邮件进行正常投递;其他如果不在数据库表mysql-send2hrall中的人,将根据下面reject的定义进行回绝
postfix限制特定用户收发邮件的高级访问控制方法
邮件应用中可能回又如下的应用需求:某销售A只能收到来自163.com及sina.com的邮件某技术员B只能给内部用户发邮件,不允许向外网发邮件,但可以收到外网邮件某主管可以收发内、外网邮件......
Hello!
I have the same problem:
1. I need to permit some internal users (not all) to send mail to any
external user (Internet)
2. I need to permite any external user to send mail to some my internal
users (not all)
In fact, the problem is: just "some" of my internal users have permission to
receive mail from and send mail to the Internet.
How can I solve this?
View this article only
新闻群组:mailing.postfix.users
日期:2002-12-04 15:18:04 PST
In the example below, the same list of restricted_users is used for
controlling both who can send and who can receive internet mail. If you
don't require the local_plus feature, just leave that part out.
in main.cf:
use restriction classes to make restricted_users file more readable.
smtpd_restriction_classes = local_only, local_plus
local_only =
reject_unauth_destination
permit_mynetworks
reject
local_plus =
check_recipient_access hash:/etc/postfix/local_plus
check_sender_access hash:/etc/postfix/local_plus
reject_unauth_destination
permit_mynetworks
reject
this is the default setting, required for this setup.
smtpd_delay_reject = yes
we'll do this in sender restrictions to avoid open relay problems.
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/restricted_users
check_recipient_access hash:/etc/postfix/restricted_users
and in /etc/postfix/restricted_users
# /etc/postfix/restricted_users
# this file contains a list of users only allowed to send and receive local
# postmap this file after changes
# local users not listed here have no restrictions
user1@miodemi.com local_only
user2@miodemi.com local_plus
and in /etc/postfix/local_plus:
# /etc/postfix/local_plus
# this file contains allowed destinations and senders
# for users restricted to local_plus
# postmap this file after changes
miproveedor.com OK
Remember to "postmap local_plus" and "postmap restricted_users" after
making changes to them.
Remember to run "postfix reload" after changing main.cf
hzqbbc的限制方法(转自hzqbbc的blog)
有几个方法:1) smtpd_restriction_classes = local_only
设置一个限制类别叫local_only,然后参考access(5)的格式做一个访问控制:
local_only = check_recipient_access hash:/etc/postfix/maps/my_rcpt
文件my_rcpt内容:
163.com RELAY21cn.com RELAYhzqbbc.com RELAY
然后,设置:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/maps/mysender
mysender内容:
hzqbbc@local.hzqbbc.com local_only
这样凡是Mail from:
按这个方法,还可以设置更多的类别,例如remote_only以及不限制的帐号等。但这些都只对from:限制。而且不管是否SASL后的。所以有一定缺陷。不过,已经达到目的了。
2)使用snapshot版的policy策略
根据某个hash表或配置文件,判断对应的sender和recipient是否匹配,匹配就返回OK或者DUNNO或者RELAY等(可能RELAY已经过时,这个是postfix 1.1.x的)如果不匹配就返回错误代码
按postfix所带的smtpd-policy.pl模式,修改一下就可以使用了。详细参考POLICY_README等。
我自己的例子:
1)定义类send2hrall:
smtpd_restriction_classes = send2hrall
send2hrall =
check_sender_access mysql:/usr/local/etc/postfix/mysql-send2hrall.cf,reject
配置文件 send2hrall.cf内容如下:
hosts = localhost
user = mailuser
password = mailpasswd
dbname = maildatabase
query = select access from mysql-send2hrall where source = '%s'
2)对发给hrall@mydomain.com.cn的发件人进行审核:
smtpd_sender_restrictions =中添加:
check_recipient_access hash:/usr/local/etc/postfix/hrallclass
在/usr/local/etc/postfix目录下建立该文件
# ee /usr/local/etc/postfix/hrallclass
# postmap /usr/local/etc/postfix/hrallclass(会生成hrallclass.db)
文件/usr/local/etc/postfix/hrallclass内容如下:
hrall@mydomain.com.cn send2hrall
3)设定数据表mysql-send2hrall记录哪些人可以给hrall@mydomain.com.cn发送邮件
数据库中建立表mysql-send2hrall中使用的表,
表结构如下:
CREATE TABLE `mysql_send2hrall` (
`id` int(11) unsigned NOT NULL auto_increment,
`ctime` int(11) unsigned default NULL,
`source` varchar(128) NOT NULL default '',
`access` varchar(16) NOT NULL default '',
`type` char(1) NOT NULL default 'S',
PRIMARY KEY (`id`),
KEY `source` (`source`,`type`,`access`,`ctime`)
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=gb2312;
对应数据格式如下
source access
oksender@mydomain.com.cn OK
oksender@otherdomain.com OK
过程大概如下:
在smtp发送邮件的时候,通过 check_recipient_access 中获知:hrall@mydomain.com.cn该邮件接收的时候需要根据类send2hrall核查,而该类中定义了发件人核查的需求,从数据库表中获取此需求的具体结果。譬如上例中,如果发件人是oksender@mydomain.com.cn,获取的结果就为ok,这样smtp将此人发给hrall@mydomain.com.cn的邮件进行正常投递;其他如果不在数据库表mysql-send2hrall中的人,将根据下面reject的定义进行回绝
相关文章推荐
- Extmail/Postfix限制部分用户只能收发内部邮件
- 限制Exchange用户从Internet收发邮件
- 在Exchange Server 2007中限制部分用户只能收发内部邮件
- 限制用户访问特定的页面
- 限制部分Postfix用户只能内部收发的例子(完整版)
- Exchange 2007更改用户收发邮件大小限制
- 如何限制某些用户只能收发内部邮件,不能够对外收发邮件?
- Nginx在CDN加速之后,获取用户真实IP做并发访问限制的方法
- 在Exchange Server 2007中限制部分用户只能收发内部邮件
- 限制部分Postfix用户只能内部收发的例子(完整版)
- java权限拦截,控制当前登录用户访问方法,访问路径,并json提示,驳回请求
- nginx禁止用户访问隐藏文件和.htaccess文件 .htaccess文件(或者”分布式配置文件”)提供了针对目录改变配置的方法, 即,在一个特定的文档目录中放置一个包含一个或多个指令的文件, 以
- django限制匿名用户访问及重定向的方法实例
- Linux中限制用户访问权限的3种方法
- 在Django中限制已登录用户的访问的方法
- 如何限制部分Notes用户收发Internet邮件
- postfix限定特定用户才能发送到别名的解决方法
- [ASP.NET2.0]限制web用户对指定目录下的特定类型文件的访问
- WEB用户访问控制方法
- Postfix限制部分用户发送和接收外部邮件