Koozali.org: home of the SME Server

block users sending email to external domains

boobee
« on: March 22, 2007, 09:29:52 PM »
Hi all,

I need to restrict a bunch of local users from sending email, denying outside recipients and allowing localdomain only from smtp/horde.

I'm already using smtp-auth even on LAN, this way I don't allow relay for local network as a first protection against "smart" users, but now I was asked to let these ppl send emails but just locally.

I've been looking around for this, but maybe not enough, as I couldn't find the right answer.

Is this kind of limitation possible, or can anyone point me in the right direction?

thank you very much

b.

Tib
« Reply #1 on: March 23, 2007, 12:17:42 AM »
You can try this out

http://www.cooltemp.com.au/smefiles/smeserver-squidproperties-1.0.0-01.noarch.rpm

It allows you to block IP addresses that you don't want to allow web browsing etc.

But it also blocks them from using webmail.

It does however allow you to use pop or imap so you can use outlook or thunderbird to e-mail internally.

We use it here at work.

Has a few extra features as well like dumping squid cache and bypass caching of other domains you may host.


Regards,

Tib

boobee
« Reply #2 on: March 23, 2007, 09:53:03 AM »
Hi Tib,

Thanks for your answer. I'm using sme server-only with 1 network adapter in an ipcop DMZ, it won't route any traffic for my network so unfortunately the squid trick isn't an option.

I'm afraid firewalling on sme wouldn't be a good solution either for my problem, it would require a lot of work for setup and maintaining my "bunch of users" which is around ~300 restricted accounts on about 650 total and coming in from 3 different subnets.

A solution could be a script that checks RCPT TO addresses and relays external domains for some users, and blocks some other users, but I don't know where to start...

Searching a little more, seems like there is a contrib which would do it, http://www.dungog.net/sme/panels/Email%20-%20Admin%20individual.html, there's an option like Email Delivery: Unrestricted/Internal, anyone had a chance to use it and could tell me if it does what I'm looking for?

thank you!
b.

bpivk
« Reply #3 on: March 23, 2007, 10:36:28 AM »
It will work but you'll have to pay for it.

This will work if you want to restrict users from receiving mail from outside.
Code:
    db accounts setprop username Visible internal
    signal-event email-update
"It should just work" if it doesn't report it. Thanks!

boobee
« Reply #4 on: March 25, 2007, 06:55:30 PM »
Quote from: "bpivk"
It will work but you'll have to pay for it.

This will work if you want to restrict users from receiving mail from outside.
Code:
    db accounts setprop username Visible internal
    signal-event email-update


Thanks bpivk, that last bit will partially help, but to block sending to external domains the only option so far is to pay for the whole package which is, IMHO, a bit too much for using just one feature of the many others (cool and useful indeed) dungog offers for the price.

There should be some kind of customization to do around .qmail into users profile or badmailfrom into /var/qmail/control, but I'm really a newbie in qmail and it seems like there's no other easy way than going dungog.

I think I'll go maybe with a second sme7 on a subdomain and play with smtproutes...

dmay
« Reply #5 on: March 25, 2007, 11:11:25 PM »
Quote from: "boobee"
Hi all,

I need to restrict a bunch of local users from sending email, denying outside recipients and allowing localdomain only from smtp/horde.

In previous releases, SME was using mailfront which had an excellent mailrules feature where this was very easy to implement. I know a few schools that really liked this as it permitted the admin to restrict students to send to internal classmates and teachers only, blocking all outbound external mail. SME already has the inbound 'Visible internal' db blocking mechanism.

SME now uses qpsmtpd and IIUC I do not see a similar feature/plugin available. I suggest you join the qpsmtpd mailing list (http://smtpd.develooper.com/list.html) and send a post detailing what you are looking for, ask if it is possible or if not could it be a new feature request.

Darrell

gordonr
« Reply #6 on: March 26, 2007, 01:30:22 PM »
Quote from: "dmay"

SME now uses qpsmtpd and IIUC I do not see a similar feature/plugin available.


Have a look at /usr/share/qpsmtpd/plugins/check_badmailfromto

We don't use it by default, but it's there and it probably does what you want.

dmay
« Reply #7 on: March 26, 2007, 09:35:09 PM »
Quote from: "gordonr"
Have a look at /usr/share/qpsmtpd/plugins/check_badmailfromto

Gordon,

I did look at that and may not be interpreting this plugin correctly. :? My read led me to believe this blocks matching from/to combinations. I could not see how using this plugin alone would achieve the desired result of permitting a local user to send mail to local recipients only.

In mailfront mailrules, rules were processed in order, and rules had different actions to apply. You would first add an accept rule followed with a reject rule (where k = accept and d = reject).

kuser@mydomain.com:*@mydomain.com:accepted
duser@mydomain.com:*@*:rejected

This restricted the local user to send local mail only. How may this be achieved using check_badmailfromto?

Darrell
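
The ordered accept-then-reject rules described in the post above, modelled as an added example (not part of the original thread, and not mailfront's or qpsmtpd's code). It assumes shell-style `*` matching, case-insensitive addresses, a default of accept when no rule matches, and that the sender is the SMTP-authenticated identity rather than a forgeable envelope address; `parse_rules` and `decide` are hypothetical names.

```python
# Added example: simplified model of ordered, first-match mail rules.
from fnmatch import fnmatchcase

ACTIONS = {"k": "accept", "d": "reject"}  # action letters as given in the post

# The two rules from the post, in the order given.
RULES_TEXT = """\
kuser@mydomain.com:*@mydomain.com:accepted
duser@mydomain.com:*@*:rejected
"""

def parse_rules(text):
    """Parse '<action><sender-pattern>:<recipient-pattern>:<message>' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line[0] not in ACTIONS:
            raise ValueError(f"unknown action in rule: {line!r}")
        sender_pat, rcpt_pat, message = line[1:].split(":", 2)
        rules.append((ACTIONS[line[0]], sender_pat.lower(), rcpt_pat.lower(), message))
    return rules

def decide(rules, sender, recipient, default="accept"):
    """Return (action, message) from the first rule matching both addresses."""
    sender, recipient = sender.lower(), recipient.lower()
    for action, sender_pat, rcpt_pat, message in rules:
        if fnmatchcase(sender, sender_pat) and fnmatchcase(recipient, rcpt_pat):
            return action, message
    return default, "no rule matched"  # assumption: unlisted senders are unrestricted

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for rcpt in ("colleague@mydomain.com", "someone@example.org",
                 "x@mydomain.com.example.net"):  # constructed recipients
        print(rcpt, decide(rules, "user@mydomain.com", rcpt))
    # Reversing the order makes the reject rule match first, blocking local mail too.
    print(decide(list(reversed(rules)), "user@mydomain.com", "colleague@mydomain.com"))
```

The look-alike recipient `x@mydomain.com.example.net` is rejected because the accept pattern is anchored at the end of the address, so only the catch-all reject rule matches it.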

gyaresu

« Reply #8 on: May 29, 2007, 04:15:47 AM »
Hi Gordon & Darrell.

I am looking for exactly the same thing and can't seem to find a solution.

I only want to be able to send emails to accounts on the server and not to send externally.

Apart from blocking the outbound smtp port is there a way to do this?

Regards
Gareth

syscom
« Reply #9 on: September 03, 2007, 02:52:56 AM »
Hi!

I am also interested in blocking selected local users from sending / receiving emails to / from the Internet.

Any simple way to do that?

Thanks in advance.