Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restrictive mail implementation problem
Top Forums UNIX for Advanced & Expert Users Restrictive mail implementation problem Post 302343844 by zefflyn on Thursday 13th of August 2009 08:13:24 PM
Old 08-13-2009
Restrictive mail implementation problem
Any tips on this problem will be greatly appreciated.

I need to build a Linux mailserver, that needs to meet the following requirements:
  • 3 usergroups: endusers, supervisors, and management
  • Endusers will be on a local Linux mailserver
  • Supervisors and management will be on Google Apps
  • Endusers must not be able to e-mail each other or anyone in general on the Internet, but should not be able to receive e-mail from the Internet at large.
  • Endusers only can e-mail supervisors and management, and receive e-mail from supervisors and management

I'm leaning towards a Linux + Postfix server, and looking through the Postfix documentation for creative use of Relay directives, and through Sourceforge for some communication package that fits the bill. Something like RT would just about fit the bill, or even a creative BB implementation.

How could I build this?
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

mail problem !!

Hi, Below a try to send an email to a local user can be seen. I can NOT send e-mail anywhere, but I receive email perfectly. <pre> isgsi01(root)10: mail aris < /home/aris/mail2send dbm map "Alias0": unsafe map file /etc/mail/aliases: No such file or directory </pre> ..... but the... (3 Replies)
Discussion started by: guest100
3 Replies

2. UNIX for Dummies Questions & Answers

mail problem (NOT Mail or Mail.app)

When I try to use the CLI mail, I get the following error. What's wrong? Welcome to Darwin! % mail root Subject: test test . EOT % /etc/mail/sendmail.cf: line 81: fileclass: cannot open /etc/mail/local-host-names: Group writable directory Do I just need to change the... (1 Reply)
Discussion started by: chenly
1 Replies

3. OS X (Apple)

mail problem

i have mac os x 2.2 jaguar and Mail wont open any links? When i click on them it just does nothing. does anybody know why/how to fix it? please help me.. thanks, blip (4 Replies)
Discussion started by: Blip
4 Replies

4. Linux

mail problem

Hello, When I try this echo “This will go into the body of the mail.” | mail -s “Hello world” e.tekin@abc.com I m having this problem Feb 8 09:05:41 xxx sendmail: n1884jFR027821: from=<root@xxx>, size=731, class=0, nrcpts=1, msgid=<200902080804.n1884 j3U025399@xxx>, proto=ESMTP,... (7 Replies)
Discussion started by: sunsail
7 Replies

5. Red Hat

Mail Problem. Maybe, it is a DNS Problem!

Hi, i've a redhat linux 9 upadated by redhat from 7 version to 9 version. A couple of days ago i was a problem with my mail, in other words i'm not able to get any email nor to send any email. I've a proxy configuration and i tried to set iptables in order to verify the port. The 110,255 and 995... (1 Reply)
Discussion started by: pintalgi
1 Replies

6. UNIX for Advanced & Expert Users

HP UX mail problem

I am uxing HP UX mailx, I want to send mail with: 1) to list 2) cc list 3) sender address 4) mail body 5) subject 6) attachment I am using : (cat cc_list; cat mail_body; ux2dos file_1 | uuencode attachment.txt)|mailx -m -s "subject" -r sender@abc.com recepient@abc.com cc_list... (2 Replies)
Discussion started by: gautamadak
2 Replies

7. Shell Programming and Scripting

AWK Restrictive Search

I have a file with most of the lines formatted in this way: testaccount:D#%G%^V&:MeMyselfandI:memyselfandi@somesite.com:11/242012:192.168.1.1,192.168.1.2,192.168.1.3,192.168.1.4,192.168.1.5 There are a few lines with: ... (2 Replies)
Discussion started by: metallica1973
2 Replies

8. Solaris

svm implementation problem

hi all please help me with the following i am new to solaris i want to umount /test mount point and make it 8gb each i.e. /test1 and /test2 and using SVM wants to make RAID5 bash-3.00# df -h Filesystem size used avail capacity Mounted on /dev/dsk/c0t0d0s0 6.9G ... (2 Replies)
Discussion started by: nikhil kasar
2 Replies

9. Post Here to Contact Site Administrators and Moderators

Restriction of adding links is too restrictive

I am trying to write a shell script that generates links to a website. Not to spam it. The code necessarily adds things that are links, and so get rejected. In the end I have up, and have not written the post. Whilst I apprecaite you want to avoid spam, could you not implement something so... (1 Reply)
Discussion started by: drkirkby
1 Replies

LEARN ABOUT DEBIAN

mxallowd

mxallowd(1)							   User Manuals 						       mxallowd(1)

NAME

       mxallowd - dynamically whitelist your Mail eXchanger

SYNOPSIS

       mxallowd  [-d]  [-c  configfile]  [-t whitelist-time] [-p pflog-interface] [-l pcap-filter] [-F] [-s] [-q] [-p] -f fake-mailserver -r real-
       mailserver -n queue-num

DESCRIPTION

       mxallowd is a daemon which uses libnetfilter_queue (on Linux) or pf and pflog (on BSD) to allow (or deny) connections to a  mailserver  (or
       similar application) if the remote host hasn't connected to a fake daemon before.

       This  is  an improved version of the so-called nolisting (see http://www.nolisting.org/). The assumption is that spammers are not using RFC
       2821-compatible SMTP-clients and are sending fire-and-forget spam (directly to the first or second MX-entry  without  retrying  on  error).
       This direct access is blocked with mxallowd, you'll only get a connection if you retry.

       NOTE:  It  is  highly recommended to install nscd (nameserver caching daemon) or a similar software in order to speed-up DNS lookups. Since
       version 1.3, DNS lookups are done in a thread (so they don't block the main process), however,  on  very-high-traffic-sites,  mxallowd  may
       show significantly better overall performance in combination with nscd.

OPTIONS

       -b, --no-rdns-whitelist
	      Disable whitelisting all IP-addresses that have the same RDNS as the connecting one (necessary for google mail)

       -c, --config
	      Specifies an alternative configuration file (instead of /etc/mxallowd.conf)

       -t, --whitelist-time
	      Specify the amount of time (in seconds) until an IP-address will be removed from the whitelist

       -s, --stdout
	      Log to stdout, not to syslog

       -q, --quiet
	      Don't log anything but errors.

       -f, --fake-mailserver
	      Specify which IP-address the fake mailserver has (connecting to it will whitelist you for the real mailserver)

       -r, --real-mailserver
	      Specify which IP-address the real mailserver has

       -F, --foreground
	      Do not fork into background, stay on console

       -n, --queue-num (only available when compiled for netfilter_queue)
	      Specify  the  queue  number which will be used for the netfilter_queue-link. This has to be the same which is specified in the ipta-
	      bles-rule and it has to be specified, there is no default.

       -p, --pflog-interface (only available when compiled for pf)
	      Specify the pflog(4) interface which you configured in pf(4). The default is pflog0. Also see the pcap-filter-option if you  use	an
	      interface which does not only get smtp-traffic.

       -l, --pcap-filter (only available when compiled for pf)
	      Specify the filter for pcap. The default is "port 25". See tcpdump(8) for more information on the filters.

FILES

       /etc/mxallowd.conf
	      System-wide configuration file. Use the long options without the beginning two dashes. For example:

		   stdout
		   fake-mailserver 192.168.1.3
		   fake-mailserver 192.168.1.4
		   real-mailserver 192.168.1.5
		   queue-num 23

EXAMPLES FOR NETFILTER

       The  machine  has  two  IP-addresses.  The  mailserver  only  listens  on 192.168.1.4, the nameserver returns the mx-records mx1.domain.com
       (192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with priority 10.

       # modprobe nfnetlink_queue
       # iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j NFQUEUE --queue-num 23
       # mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4 -n 23

       Then open a separate terminal and connect via telnet on your real mailserver. You'll see the connection attempt being dropped. Now  connect
       to the fake mailserver and watch mxallowd's output. Afterwards, connect to the real mailserver to verify your mailserver is still working.

EXAMPLES FOR PF

       The  machine  has  two  IP-addresses.  The  mailserver  only  listens  on 192.168.1.4, the nameserver returns the mx-records mx1.domain.com
       (192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with priority 10.

       Create a pf.conf like this:

	    table <mx-white> persist

	    real_mailserver="192.168.1.4"
	    fake_mailserver="192.168.1.3"

	    real_mailserver6="2001:dead:beef::1"
	    fake_mailserver6="2001:dead:beef::2"

	    pass in quick log on fxp0 proto tcp from <mx-white> to $real_mailserver port smtp
	    pass in quick log on fxp0 inet6 proto tcp from <mx-white> to $real_mailserver6 port smtp
	    block in log on fxp0 proto tcp to { $fake_mailserver $real_mailserver } port smtp
	    block in log on fxp0 inet6 proto tcp to { $fake_mailserver6 $real_mailserver6 } port smtp

       Afterwards, load it and start mxallowd using the following commands:

       # pfctl -f /etc/pf.conf
       # mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4

       Then open a separate terminal and connect via telnet on your real mailserver. You'll see the connection attempt being dropped. Now  connect
       to the fake mailserver and watch mxallowd's output. Afterwards, connect to the real mailserver to verify your mailserver is still working.

       The ruleset for pf is actually longer because pf does more than netfilter on linux -- netfilter passes the packets and lets mxallowd decide
       whether to drop/accept whilst pf blocks/passes before even "passing" to mxallowd.

SEE ALSO

       iptables(8), pf(4), pflog(4), tcpdump(8)

AUTHOR

       Michael Stapelberg <michael+mxallowd at stapelberg dot de>

Linux								    MARCH 2012							       mxallowd(1)
All times are GMT -4. The time now is 05:21 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy