Restricting local users from sending external mail

Last Update 2002-07-24

Proposal from Andrzej Filip:

Alternatively: this example ruleset restricts local users from sending mail to external recipients. It uses class w to detect local senders and recipients. Attention: this protection is based only on the address information given in the envelope of the e-mail, which can easily be forged.

List those users (by their local names or aliases) in a file, which is read into the class {Internal}:

LOCAL_CONFIG
F{Internal}/etc/mail/intern.only

Then the rules work like this:

LOCAL_RULESETS
SLocal_check_rcpt
# get sender address and canonify it
R$*				$: $1 $| $>3 $&f
R$* $| <>			$@ OK		<> is always ok
R$* $| $={Internal} <@$=w.>	$: $1		luser@local.host?
R$* $| $={Internal}		$: $1		luser?
R$* $| $*			$@ OK		someone else
R$*				$: $>3 $1	check recipient
R$+<@$=w.>			$@ OK		local? ok
R$+<@$+>			$#error $@ 5.1.8 $: "551 sorry luser your boss does not like you"

Before 8.9, you have to use Scheck_rcpt instead of SLocal_check_rcpt.

The ruleset works like this:

  1. is the sender a local user (listed in the file)?
  2. if no: OK
  3. if yes: the recipient must be local too
  4. if it isn't: error
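
The four steps above can be checked against sample envelope addresses before the rules are deployed. The following Python sketch is an added example, not part of the original page or of sendmail; it models the decision only, with a simplified stand-in for ruleset 3, and the host names, user names and function names are assumptions.

```python
# Simplified model of the Local_check_rcpt decision (added example).
# LOCAL_HOSTS stands in for class w and INTERNAL for the entries of
# /etc/mail/intern.only; every name and address here is constructed.
LOCAL_HOSTS = {"local.host", "mail.local.host"}
INTERNAL = {"luser", "intern1"}


def split_addr(addr):
    """Rough stand-in for ruleset 3: return (user, host), lower-cased.
    host is None for a bare user name. Source routes, comments and
    quoting, which sendmail's canonification handles, are not modelled.
    """
    addr = addr.strip().strip("<>")
    if "@" not in addr:
        return addr.lower(), None
    user, host = addr.rsplit("@", 1)
    return user.lower(), host.lower().rstrip(".")


def is_restricted_sender(mail_from):
    """Step 1: listed user, either bare or at a host in class w?"""
    user, host = split_addr(mail_from)
    if not user:  # null sender <> is always ok
        return False
    return user in INTERNAL and (host is None or host in LOCAL_HOSTS)


def rejects(mail_from, rcpt_to):
    """True if the ruleset would return the 551 error for this envelope."""
    if not is_restricted_sender(mail_from):
        return False  # step 2: "someone else", OK
    _, rcpt_host = split_addr(rcpt_to)
    if rcpt_host is None or rcpt_host in LOCAL_HOSTS:
        return False  # step 3: local (or bare) recipient, not rejected
    return True  # step 4: listed sender, external recipient


if __name__ == "__main__":
    cases = [
        ("luser@local.host", "friend@example.org"),
        ("luser", "friend@example.org"),
        ("luser@local.host", "boss@local.host"),
        ("<>", "friend@example.org"),
        ("boss@local.host", "friend@example.org"),
        ("luser@elsewhere.example", "friend@example.org"),
    ]
    for mail_from, rcpt_to in cases:
        verdict = "551 reject" if rejects(mail_from, rcpt_to) else "ok"
        print(f"{mail_from:26} -> {rcpt_to:20} {verdict}")
```

The last case reflects the limit stated at the top of the page: the sender rules match only a listed name that is bare or at a host in class w, and they see nothing but the envelope address.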

If you want to use several SLocal_check_rcpt rulesets, see Combining Rulesets.


Copyright © Claus Aßmann Please send comments to: <ca at sendmail.org>
Disclaimer: the information provided may be inaccurate or outdated or incomplete. Please contact me if you find an error.