Restricting local users from sending external mail

Last Update 2002-07-24

Proposal from Andrzej Filip:

Alternatively: This example ruleset restricts local users from sending mail to external recipients. It uses class w to detect local senders/recipients. Attention: this protection is only based on the address information given in the envelope of the e-mail which can be easily forged.

List those aliases (which are local) in a file:

Then the rules work like this:
# get sender address and canonify it
R$*				$: $1 $| $>3 $&f
R$* $| <>			$@ OK		<> is always ok
R$* $| $={Internal} <@$=w.>	$: $1
R$* $| $={Internal}		$: $1		luser?
R$* $| $*			$@ OK		someone else
R$*				$: $>3 $1	check recipient
R$+<@$=w.>			$@ OK		local? ok
R$+<@$+>			$#error $@ 5.1.8 $: "551 sorry luser your boss does not like you"

Before 8.9, you have to use Scheck_rcpt instead of SLocal_check_rcpt.

The ruleset works like this:

  1. is the sender a local user (listed in the file)?
  2. if no: OK
  3. if yes: the recipient must be local too
  4. if it isn't: error

If you want to use several SLocal_check_rcpt rulesets, see Combining Rulesets.

[(links)] [Hints] [Avoiding UBE] [cf/README] [New]
Copyright © Claus Aßmann Please send comments to: <ca at>
Disclaimer: the information provided may be inaccurate or outdated or incomplete. Please contact me if you find an error.