Koozali.org: home of the SME Server

Mail Server that forwards to ISP Server

fastxl
Mail Server that forwards to ISP Server
« on: November 07, 2019, 09:52:28 PM »
I have several users that I only want to be able to email within my domain. I currently use SME as an internal email server that all of my users have accounts on, and some of my users have accounts on our ISP email server so they can email the outside world. This is sort of a PITA because some users have 2 accounts. Is there any way I can have my users have 1 account and have the SME server forward some emails but not all of them? Anyone doing something like this?

janet
Re: Mail Server that forwards to ISP Server
« Reply #1 on: November 08, 2019, 11:23:53 AM »
fastxl

This has been asked for before but a technical answer is difficult/involved & possibly more effort than warranted.

Education & policing of users may be a simpler answer.

Search these forums on
Block outgoing mail

There are quite a few interesting results that may give you clues & possible answers.

eg
badmailfrom
badmailfromto
may be useful but a lot of tweaking needed to set up
Also consider using iptables, but you need to understand the usage.

Try this thread
https://forums.contribs.org/index.php?topic=40449.5

« Last Edit: November 08, 2019, 11:35:50 AM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

mmccarn
Re: Mail Server that forwards to ISP Server
« Reply #2 on: November 09, 2019, 03:41:13 PM »
I could not find any way to (easily) use badmailfromto to block email going to outside users.  With the plugin enabled and configured to block unwanted mail, the "relay" plugin still allows the email to go through.  I worry that reconfiguring the "relay" client would be somewhat painful...

I did think of a semi-voluntary way of doing what you want (semi-voluntary because employees who want to get around it can figure out how, and you're depending on outside servers having reliable spam filters in place...)

1) create a non-routable secondary domain on your SME - eg "mydomain.local"
2) set the local-only users to be invisible to the outside world using db accounts setprop username Visible internal
3) configure the email clients for the local-only users to use "username@mydomain.local"
4) monitor email from internal-only users and re-educate as necessary

Email between internal users will continue to work since there is only one mailbox per "username", and email to outside destinations will be declined by the spam filters of the outside mail servers since "mydomain.local" does not exist.

You can monitor email from the "localonly" users to remote destinations (for user re-education) using:
Code:
export localonly='billing@mydomain.*remote|mmccarn@mydomain.*remote'
cat /var/log/qmail/current |/usr/local/qmailanalog/bin/matchup |egrep "$localonly" |awk '{print $7 "\t" $8}'

Output looks like this (I'm sure we could figure out how to suppress the error on line one if that is important...):
matchup: fatal: unable to write fd 5: file descriptor not open
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld
<mmccarn@mydomain.local>   remote.m.mccarn@remotedomain.tld
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld
<billing@mydomain.us>   remote.m.mccarn@remotedomain.tld


You can review more qmail logs than just "current" using:
Code:
cat /var/log/qmail/current /var/log/qmail/@*|/usr/local/qmailanalog/bin/matchup |egrep "$localonly" |awk '{print $7 "\t" $8}'
[edit]
Here is a code snippet that will set "localonly" to all of the users who are configured with 'Visible=internal':
Code:
export localonly=$(db accounts print |grep 'Visible|internal' |sed 's/=.*//' |while read u; do printf "$u@$(config get DomainName |sed 's/\..*//').*remote|"; done |sed 's/|$//')
« Last Edit: November 09, 2019, 03:49:57 PM by mmccarn »
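
The monitoring step from the post above, as an added example that is not part of mmccarn's post: it matches on the matchup fields instead of a regex across the whole line, so a local recipient whose name contains "remote" is not reported, and it counts repeats per sender and recipient. The function name, the sample records and the `sales` account are constructed for illustration, and the field layout is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes matchup delivery records look like
#   d <result> <birth> <dstart> <ddone> <bytes> <sender> <chan.recip> <qp> <uid> <reason>
# (the layout the post's awk '{print $7 "\t" $8}' depends on).

# remote_by_localonly "user1 user2 ..."   (matchup output on stdin)
# Prints: sender <TAB> recipient <TAB> result (k=ok, d=failed, z=deferred) <TAB> count
remote_by_localonly() {
    awk -v users="$1" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) watch[u[i]] = 1 }
        # Only delivery records whose channel field really is "remote."
        $1 == "d" && $8 ~ /^remote\./ {
            sender = $7
            gsub(/[<>]/, "", sender)
            user = sender
            sub(/@.*/, "", user)          # match on the account name, any domain
            if (!(user in watch)) next
            rcpt = substr($8, 8)          # drop the 7-character "remote." prefix
            count[sender "\t" rcpt "\t" $2]++
        }
        END { for (k in count) print k "\t" count[k] }
    ' | LC_ALL=C sort
}

# Constructed sample records (hypothetical times, sizes, pids and reasons).
sample_matchup() {
    cat <<'EOF'
d k 1573310000.10 1573310001.20 1573310002.30 1843 <billing@mydomain.us> remote.m.mccarn@remotedomain.tld 4021 453 accepted
d k 1573310100.10 1573310101.20 1573310102.30 2210 <billing@mydomain.us> remote.m.mccarn@remotedomain.tld 4030 453 accepted
d d 1573310200.10 1573310201.20 1573310202.30 990 <mmccarn@mydomain.local> remote.m.mccarn@remotedomain.tld 4044 453 sender_domain_rejected
d k 1573310300.10 1573310301.20 1573310302.30 512 <billing@mydomain.us> local.remote-backup@mydomain.us 4051 453 did_1+0+0
d k 1573310400.10 1573310401.20 1573310402.30 700 <sales@mydomain.us> remote.m.mccarn@remotedomain.tld 4060 453 accepted
m 1573310000.10 1573310002.30 1843 1 0 0 <billing@mydomain.us> 4021 453
EOF
}

# Demo on the sample. On the server, feed it from the post's pipeline instead;
# matchup writes pending-message records to descriptor 5, so give it one:
#   /usr/local/qmailanalog/bin/matchup < /var/log/qmail/current 5>/dev/null \
#       | remote_by_localonly "billing mmccarn"
sample_matchup | remote_by_localonly "billing mmccarn"
```

A `d` in the result column for a local-only sender means the outside server refused the message, which is the outcome the "mydomain.local" scheme relies on; a `k` means it was accepted and the user needs following up.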

janet
Re: Mail Server that forwards to ISP Server
« Reply #3 on: November 11, 2019, 03:23:31 AM »
Is there any way I can have my users have 1 account and have the SME server forward some emails but not all of them?

See
https://forums.contribs.org/index.php?topic=40449.5
What this thread refers to is if you set the Visible property for a user, & you configure SME server smarthost setting to send mail via your ISP's mail server, & where the ISP has suitable anti spamming rules, you will find that SME users with Visible property set are not able to send mail to external addresses. That is because the ISP mail server cannot see a valid sender's address on the SME server & rejects the attempt.

So there is a workaround to achieve what you want.

Easy enough to implement, just change the outgoing mail server (smarthost) setting in server manager email panel, set Visible property for a user & see what happens when that user sends to an external address. You will very quickly know if your ISP has anti spammer rules in place.