procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Recipy syntax help

2004-03-25 04:14:21
from [Klaus Johannes Rusch] [Permanent Link] 
Hans du Plooy wrote:


I want to implement mail user restrictions in procmail.  Something like this.
User john(_at_)newingtoncs(_dot_)co(_dot_)za has e-mail, may send mail to addresses within the company, and may receive mail from addresses within the company, but he may not send/receive to/from addresses outside the company.
I thought this would be pretty easy, but it's not working. This is what I have: 

:0h
*^To: john(_at_)newingtoncs(_dot_)co(_dot_)za
{
       :0h!
       *^From:(_dot_)(_at_)newingtoncs(_dot_)co(_dot_)za
       /dev/null
}

What am I doing wrong?

Two things:

(1) Restricting receiving email from your own domain

# Drop mail not from your domain
:0 h
*!^From(_dot_)*(_at_)newingtoncs(_dot_)co(_dot_)za
/dev/null
You had misplaced the negation (!). There are two problems with this though: If the sender is not fully qualified, the mail will be discarded, and for any sender outside of your domain the mail will be silently discarded, instead of bouncing with a user unknown message. If you need to define company internal email addresses a better solution would be an internal mailserver which handles all users, and an external mail gateway which only has the valid external userids and rejects all other addresses. Of course there is another problem that your users' email addresses may show up externally, for example an "authorized" user emailing a customer and copying a colleague, but the customer cannot reply to all addresses then. After all, why give someone an email address if they are not supposed to use it? If some users really should only be able to mail internally, move them to an internal domain, something like john(_at_)newingtoncs(_dot_)internal, which is clearly identified as an address that only works internally. 

(2) Restricting sending email
Unless you run procmail for outgoing email, these rules are not going to be executed. You should be able to configure your mails server (sendmail, qmail etc.) to restrict sender addresses, however that does not stop your users from sending email through another mail server. 

--
Klaus Johannes Rusch
KlausRusch(_at_)atmedia(_dot_)net
http://www.atmedia.net/KlausRusch/



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: (il)logical algebra, Robert Allerstorfer
Next by Date:  Re: (il)logical algebra, Ruud H.G. van Tol
Previous by Thread:  Recipy syntax help, Hans du Plooy
Next by Thread:  Re: Recipy syntax help, Hans du Plooy
Indexes:  [Date] [Thread] [Top] [All Lists]