1 Client mail for internal only

Discussion in 'Installation/Configuration' started by Diogo Jesus, Mar 28, 2018.

  1. Diogo Jesus

    Diogo Jesus New Member

    Hello, this might sound weird, but I think once I have explained myself you will get the idea.
    First of all, I don't know if this is possible (hopefully yes).

    So in our company we use ISP for web + mail server. Everything is working great.

    Today the CEO asked me if we could have a new mail client named student@company,com.

    But this student mail should only be able to contact other company mails and not the external mails.

    For example:

    student@company,com -> office@company,com
    student@company,com -/-> private@gmail,com

    Is this possible? If yes, how could I achieve this?
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    There are probably numerous ways to address that, the first that comes to mind is to write a simple postfix policy daemon that checks the addresses and rejects mail from that user to non-company domains; this would cause email from [email protected] to non-company addresses to be rejected in smtp.

    The second is to use sender_dependent_default_transport_maps to force all mail from that user to a transport that only delivers locally (eg. 'dovecot' or 'lmtp:unix:private/dovecot-lmtp' if you use lmtp), though that is untested. This should generate an undeliverable message report which is sent back to [email protected] for every message they send to a non-company address, which may or may not be desirable.

    Probably the simplest way (sorry, this is the order I thought of these, and hence wrote them down) would be to add a new sender access restriction to smtpd_sender_restrictions, eg. try:
    Code:
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, reject_authenticated_sender_login_mismatch, permit_mynetworks, inline:{ [email protected]=reject_unauth_destination }, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    
    Or if you can't use an inline lookup table there (I don't know/remember), just create an external table like:
    Code:
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, reject_authenticated_sender_login_mismatch, permit_mynetworks, check_sender_access texthash:/etc/postfix/company_sender_access, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    
    Then create /etc/postfix/company_sender_access with:
    Code:
    [email protected]  reject_unauth_destination
    
    You can test that in your live main.cf to get it working, but for such a change to be permanent you will need to create a conf-custom file, eg. see https://www.howtoforge.com/communit...ritten-on-ispconfig-update.66422/#post-316568
     
    Diogo Jesus likes this.
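
The first option in the reply above, a Postfix policy daemon that rejects mail from one user to non-company domains, as an added example (not code from the thread or from ISPConfig). It speaks the Postfix policy delegation protocol on stdin/stdout; the restricted address, the internal domain and all function names are assumed placeholders.

```python
#!/usr/bin/env python3
"""Postfix policy delegation service: keep selected senders internal-only."""
import sys

# Assumed placeholder values, not taken from the thread.
RESTRICTED_SENDERS = {"student@company.example"}
INTERNAL_DOMAINS = {"company.example"}


def parse_request(lines):
    """Turn the name=value lines of one policy request into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.rstrip("\n").partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the access action for one policy request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # Match the envelope sender and the SASL login, so a restricted account
    # cannot get around the rule by choosing a different MAIL FROM address.
    who = {attrs.get("sender", "").lower(), attrs.get("sasl_username", "").lower()}
    recipient = attrs.get("recipient", "").lower()
    if not recipient or not who & RESTRICTED_SENDERS:
        return "DUNNO"  # not our case: leave it to the other restrictions
    if recipient.rpartition("@")[2] in INTERNAL_DOMAINS:
        return "DUNNO"
    return "REJECT 5.7.1 This account may only send to internal addresses"


def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests until Postfix closes the connection."""
    request = []
    for line in stream_in:
        if line.strip():
            request.append(line)
            continue
        # An empty line ends the request; the reply ends with one too.
        stream_out.write("action=%s\n\n" % decide(parse_request(request)))
        stream_out.flush()
        request = []


if __name__ == "__main__":
    serve()
```

Postfix would run this through a spawn service in master.cf and call it with check_policy_service from the recipient-stage restrictions. Unlike reject_unauth_destination, which accepts every domain the server itself handles, this checks the recipient against an explicit list of company domains.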
  3. Diogo Jesus

    Diogo Jesus New Member

    Hi,
    thanks for the quick reply; the inline option worked like a charm. Thank you.
     
