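Advanced access control methods for restricting specific users from sending and receiving mail

Source: Internet  2008-05-31 00:03:32

Most companies whose mail deployment has grown to any size run into requirements like these:

Salesperson A may only receive mail from 163.com and sina.com.

Technician B may only send mail to internal users; sending to external addresses is not allowed, but receiving external mail is.

A manager may send and receive both internal and external mail.

......

How can this be done? Postfix 1.x can already meet these requirements through configuration alone.

The following is the solution Noel Jones proposed on the mailing list: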

Hello!

I have the same problem:

1. I need to permit some internal users (not all) to send mail to any external user (Internet)

2. I need to permit any external user to send mail to some of my internal users (not all)

In fact, the problem is: just "some" of my internal users have permission to receive mail from and send mail to the Internet.

How can I solve this?

From: Noel Jones (njones@megan.vbhcs.org)
Subject: Re: RES: User Restriction.....
Newsgroups: mailing.postfix.users
Date: 2002-12-04 15:18:04 PST

At 05:39 PM 12/4/02 -0200, raissa.medeiros@caixa.gov.br wrote:

1. I need to permit some internal users (not all) to send mail to any external user (Internet)

2. I need to permit any external user to send mail to some of my internal users (not all)

In fact, the problem is: just "some" of my internal users have permission to receive mail from and send mail to the Internet.

How can I solve this?

Thanks,

Raissa

Restricting also who can receive mail from the internet changes the example I posted a few minutes ago.

In the example below, the same list of restricted_users is used for controlling both who can send and who can receive internet mail. If you don't require the local_plus feature, just leave that part out.

in main.cf:

# use restriction classes to make restricted_users file more readable.
smtpd_restriction_classes = local_only, local_plus
local_only =
    reject_unauth_destination
    permit_mynetworks
    reject
local_plus =
    check_recipient_access hash:/etc/postfix/local_plus
    check_sender_access hash:/etc/postfix/local_plus
    reject_unauth_destination
    permit_mynetworks
    reject

# this is the default setting, required for this setup.
smtpd_delay_reject = yes

# we'll do this in sender restrictions to avoid open relay problems.
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/restricted_users
    check_recipient_access hash:/etc/postfix/restricted_users

and in /etc/postfix/restricted_users

# /etc/postfix/restricted_users
# this file contains a list of users only allowed to send and receive local mail
# postmap this file after changes
# local users not listed here have no restrictions
user1@miodemi.com local_only
user2@miodemi.com local_plus

and in /etc/postfix/local_plus:

# /etc/postfix/local_plus
# this file contains allowed destinations and senders
# for users restricted to local_plus
# postmap this file after changes
miproveedor.com OK

Remember to "postmap local_plus" and "postmap restricted_users" after making changes to them.

Remember to run "postfix reload" after changing main.cf

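I commonly use a few restriction methods myself:

1) smtpd_restriction_classes = local_only

Define a restriction class called local_only, then build an access control table in access(5) format:

local_only = check_recipient_access hash:/etc/postfix/maps/my_rcpt

Contents of the file my_rcpt:

163.com RELAY
21cn.com RELAY
hzqbbc.com RELAY

Then set:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/maps/mysender

Contents of mysender:

hzqbbc@local.hzqbbc.com local_only

With this, any message whose Mail from: is listed in mysender can only RCPT TO: the three domains 163.com, 21cn.com and hzqbbc.com. Nothing else can be sent.

Following this method you can define more classes, such as remote_only, as well as accounts with no restrictions. However, all of these restrict on the from: address only, and they apply regardless of whether the session is SASL-authenticated, so the approach has a certain weakness. Still, it achieves the goal.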

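2) Use the policy mechanism in the snapshot release

Based on a hash table or configuration file, check whether the given sender and recipient match. If they match, return OK, DUNNO or RELAY (RELAY may be obsolete; it comes from postfix 1.1.x). If they do not match, return an error code.

Take the smtpd-policy.pl that ships with postfix as a template and modify it slightly. For details see POLICY_README and related documents.

3) Use APF for postfix

Details: http://apf.org.cn/addon/

This is essentially the same as method 2): it likewise uses postfix's built-in policy feature.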
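
The policy approach of method 2), as an added example in Python; it is not code from the original article, from Postfix's smtpd-policy.pl or from APF. It answers policy delegation requests for the three requirements listed at the top of the page, and it trusts the sasl_username attribute over the bare MAIL FROM, which is the weakness noted for method 1). The domains, account names and the rule that internal users authenticate with SASL are assumptions.

```python
import sys

# Constructed sample policy (assumption, not from the article).
LOCAL_DOMAINS = {"example.com"}
SEND_LOCAL_ONLY = {"tech-b@example.com"}            # may not mail outside
RECV_ONLY_FROM = {"sales-a@example.com": {"163.com", "sina.com"}}

def parse_request(stream):
    """Read one request: name=value lines ended by an empty line."""
    attrs = {}
    for line in stream:
        line = line.rstrip("\n")
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def domain(addr):
    return addr.rpartition("@")[2].lower()

def decide(attrs):
    """Return the access(5)-style action for one RCPT TO."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    login = attrs.get("sasl_username", "").lower()
    # Prefer the authenticated login: MAIL FROM alone can be forged.
    sender = login or attrs.get("sender", "").lower()
    rcpt = attrs.get("recipient", "").lower()
    if sender in SEND_LOCAL_ONLY and domain(rcpt) not in LOCAL_DOMAINS:
        return "REJECT this account may only mail internal recipients"
    allowed = RECV_ONLY_FROM.get(rcpt)
    # Unauthenticated mail must come from an allowed external domain.
    if allowed is not None and not login and domain(sender) not in allowed:
        return "REJECT recipient does not accept mail from this sender"
    # DUNNO, not OK: later restrictions such as reject_unauth_destination still run.
    return "DUNNO"

def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer requests until EOF; each reply is 'action=...' plus an empty line."""
    while True:
        attrs = parse_request(stdin)
        if not attrs:
            break
        stdout.write(f"action={decide(attrs)}\n\n")
        stdout.flush()

if __name__ == "__main__":
    serve()
```

Postfix would start such a script through spawn(8) and reference it with check_policy_service, as POLICY_README describes.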
