Koozali.org: home of the SME Server

Internal email only for most users

Offline cb-wizard

  • *
  • 31
  • +0/-0
Internal email only for most users
« on: January 05, 2014, 07:25:46 PM »
Hi,

Client requires internal email only for most users, selected few to send and receive external email.
Is this possible and how do we configure it?

Thanks
cb-wizard
...

Offline stephdl

  • *
  • 1,519
  • +0/-0
    • Linux et Geekeries
Re: Internal email only for most users
« Reply #1 on: January 05, 2014, 08:46:52 PM »
I fear that it is not possible, when you create an account, automatically you have an email, a samba, a ftp account....all allowed to send and receive external emails

However if you turn your server to a "private server and gateway" mode you can have your emails only on the local network....ether external or internal, sorry not both

I know that there is a NFR raised to allow the sysadmin to decide if the user can have a emailbox : http://bugs.contribs.org/show_bug.cgi?id=4374

I understand that it could be useful but no options in the server-manager

See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: Internal email only for most users
« Reply #2 on: January 06, 2014, 01:09:23 PM »
According to DB_Variables_Configuration#Miscellaneous_Other_DB_Variables and Email#Disable_mail_to_a_user_from_an_external_network you can control this behavior using the 'Visible' property:


db accounts setprop username Visible internal ; signal-event email-update
- Make an email address invisible from outside? (see http://forums.contribs.org/index.php?topic=36302.0)

db accounts setprop pseudonym Visible internal ; signal-event email-update
- Make an pseudonym email address invisible from outside

And here's a command to set 'Visible=internal for all of your users:
Code: [Select]
db accounts show | awk -F "="  '/\=user/ {print $1}' |while read USER; do db accounts setprop $USER Visible internal; done
However, this seems to only affect /var/qmail/control/badrcptto - denying external delivery to your users but allowing outbound emails:
http://forums.contribs.org/index.php?topic=40449.5

There may be a way to get the behavior you're looking for using the 'check_badmailfromto' plugin:
http://wiki.contribs.org/SME_Server:Documentation:Technical_Manual:Booklet#How_to_block_email_from_one_address_to_another_address_with_check_badmailfromto_plugin

Offline stephdl

  • *
  • 1,519
  • +0/-0
    • Linux et Geekeries
Re: Internal email only for most users
« Reply #3 on: January 06, 2014, 08:01:00 PM »
Good shot mmccarn, i have written your comment in the wiki, i can learn everyday with you guys

http://wiki.contribs.org/Email#Disable_mail_to_a_user_from_an_external_network

I'm still thinking that we could provide a nfr about this, the behaviour to allow or not an account to get mails.
See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Internal email only for most users
« Reply #4 on: January 06, 2014, 11:50:48 PM »
cb-wizard, stephdl et al

Quote
I'm still thinking that we could provide a nfr about this, the behaviour to allow or not an account to get mails.

There is another way to control user accounts to prevent them from sending any emails.
If you put a users email address in
/var/qmail/control/badmailfrom
This will stop them sending email messages (both locally & externally).

The E-mail WBL panel supports this in the Black List section, in the qmail badmailfrom field.
Obviously intended to block external users from sending spam etc, but it will also block internal users.

Note this only reads the senders email address, so if they spoof their address (change it to something else in the email client that is acceptable to sme server) then they will still be able to send emails. Most users would not know that.
 
Use this in combination with setting the Visible internal property for that user & I believe that will stop them sending or receiving email messages, both locally & externally.

Unfortunately there is no simple answer (that I know of) to the original question of "allow internal only email for some users & internal & external for other users". I think that may require Postfix or similar.

Actually there may be some ways to achieve what is desired (ie internal mail only & no external), but you will need to experiment & test a bit etc.
See this thread
http://forums.contribs.org/index.php?topic=40449.5
& read it all particularly the last few posts, Charlie has some good pointers what to try.
« Last Edit: January 07, 2014, 12:06:00 AM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.