f_a_f12001 at yahoo
Oct 20, 2009, 6:49 AM
Post #5 of 7
(1888 views)
Permalink
|
|
Re: resrict account and alias to receive from specific senders only.
[In reply to]
|
|
Dear Mr:Kyle,
Thank you for your detailed explanation.
I know people can fake the email address, But who can tell the spammers about the only 1 or 2 emails that can send to this alias, It's even not security rule, It's just some people configure emails for specific needs, For example this also will benifit me on another situation, As I configured before an email so I can redirct spam emails to and the system learn from it through the a crontab entry, What if spammers send to this email and it's opposite, They will destroy my learning system for SPAM filters.
I just added simple words to permit 2 users to send
|test "$SENDER" != "test [at] example" && test $SENDER != "test2 [at] example" && exit 100 || exit 0
and all worked fine.
I felt it can be made though .qmail file but needed help on how to do something like this, This will teach me how to do more advanced things through this file later.
Again
Thanks for your detailed descriptions, Were you instructor!
--- On Sun, 10/18/09, Kyle Wheeler <kyle-qmail [at] memoryhole> wrote:
From: Kyle Wheeler <kyle-qmail [at] memoryhole>
Subject: Re: resrict account and alias to receive from specific senders only.
To: qmail [at] list
Date: Sunday, October 18, 2009, 4:17 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Thursday, October 15 at 03:03 AM, quoth MOHAMED AHMED:
> I want to restrict email account and also another alias to receive
> emails from specific users only.
That's pretty easy, but the details depend on your specific setup.
Before we get into this, you have to be made aware of something. This
is going to sound stupid, but its something that is often forgotten by
beginning email administrators:
PEOPLE SOMETIMES LIE.
Spammers (or whoever) can forge the sending address on email as easily
as they can forge a realistic-looking subject line. Any security or
restriction based on email sender is an illusion (unless you require
the sender to authenticate themselves somehow). I'm going to tell you
how to do what you ask, but I'm warning you: what you're attempting to
do is probably (at best) a way of stopping only the least-determined
of violators.
In essence, each email account or alias can (or must, in the case of
aliases) have a .qmail file that specifies delivery information. To
restrict things, simply add a restriction at the beginning. For
example:
|test "$SENDER" != "allowed [at] example" && exit 100 || exit 0
That's a shell command that you're using to compare (using /bin/test)
the value of the $SENDER environment variable with the allowed value.
If the test is true (i.e. if the SENDER is not the allowed address),
this simple shell command exits with a code of 100, which tells qmail
that the delivery cannot be made. The message will be rejected. If the
test is false (i.e. if the SENDER *is* the allowed address), the
command exits with a code of 0, which tells qmail to continue
delivering the message according to any subsequent lines in the .qmail
file.
So, for example, if you have a user whose home directory is
/home/user/, then you can limit who can send to them by creating a
/home/user/.qmail file which reads:
|test "$SENDER" != "allowed [at] example" && exit 100 || exit 0
/home/user/Maildir/
Note that if the user has access to their home directory, they can
edit this file, so it's not a bulletproof restriction (to do that,
you'd have to do something slightly more complicated).
Make sense?
If you have an alias, such as is defined by
/var/qmail/alias/.qmail-user1, you can do something similar, by
modifying the alias file to insert the test command at the beginning,
like so:
|test "$SENDER" != "allowed [at] example" && exit 100 || exit 0
&user2 [at] somedomain
>Also I have alias .qmail-sales And I want user user1 [at] somadonai only
>can send emails to this alias.
This one is a bit trickier. The *easiest* way to do it (IMHO) is to
use qmail-qfilter, and create a filter to restrict things. But again,
it depends on your setup, and once again, because people can so easily
lie about their return address, it is trivial to circumvent such
restrictions.
~Kyle
- --
Man has the right to act in conscience and in freedom so as personally
to make moral decisions. "He must not be forced to act contrary to his
conscience. Nor must he be prevented from acting according to his
conscience, especially in religious matters."
-- Catholic Catechism 1782
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!
iQIVAwUBStp6xyuveozR/AWeAQhELA/9HI+2oN6Jyzf689VP15WfZMlv6zg6MZAL
B0O5xE6FR/BXNTnzI6moKIS/VZfP3zMK5osp0Jjju0f1jo+X4bVTa1g7WA/YMy0R
ZiQ8n5mUXazTO5HSrD1JmQwyi/tq/ef2gjaNuBvUlCqJTE+0Xk8XeuwMTA6ySxO9
xy1ow4ka3smvxrx+gQcfhwXTV61wF9aXRTSykiDnM66zbi0fXFBPLkSC4pb4Oyrc
vxHu8+eA1CktZHcmhDqG30CHOFtKJH8717oH3kZaU8ntJMWqW7zz3gJ2I4AiWA6Y
6z0eq6Coa87WB0jL9Af+JCZUJCoNaVnxfja02o4xpO1brW7JgfsMqChvQSpI/lkR
ZgKKPQocvBzUlOp4cNOJboYnVDTa948HS8FVYf1AiXrCHk548il8Muqb7q+hIJam
FqGsIpSIneQfrXsNRSV76YmUE6QeZTIYcKYVQ8rmVAlaq/qpQDywXHL9r6e0TiNg
v14qNPPj8vQpa+zkgpnO6yYiDfbV2a++fKXCp6KjQxz93fBivhhMrs7lJVoBVfEs
H/+ET04sPfXIYrjxuLg01wp9I9F5sPNCn48nNRlQ/sb2VK0zHRFvWqCS73Uyo1AX
VTbOz6oQk0KwEpOwRxwaoI/8YIo0lLLTMgBfHnZweIJW0NAhPl4v8d6OhJL1Y+tt
apPu05khjzs=
=FcKi
-----END PGP SIGNATURE-----
|
