Is there a way to disallow changing forwards in mailuser login either in general or for instance for a web? Background: I have a client who forwards mail for most employees to a central mailbox (in addition to his own). So, in case he is ill, on vacation or unavailable another employee can take care of it. They want their employees not to be able to change forwarding to that central mailbox. Any ideas? As I understand, forwarding is not done via aliases but in .forward. The first solution that comes to mind is write-protecting the file or changing the owner (at least the latter may create problems with procmail?). Not ideal in anyway I think. Can I tell postfix to forward all mail for a domain in addition to the normal destination to some mailbox? (a transport would just forward all domain mail and not deliver to the normal mailboxes as well, I think this cannot be tweaked, right?) Thanks for any better ideas.
Yes, this will create problems with procmail... IT should be possible to do this with transports. Have a look at Code: man 5 transport
man transport contains the same text as /etc/postfix/transport. I already read this file and virtual and generic and what else there is The main point is that these work as "nexthop" destinations. But "we" do not want to "hop". We want to "hop *and* deliver here" so to speak. I do not see any option to specify a "deliver to here and also deliver to here" for these maps. The only option is something like Code: email@host transporttype:targethost whatever way I do this it just delivers to one destination. What my client needs is deliver to two or more destinations, where one destination (or maybe all) cannot be changed. The only way I see one could do this with transport is to redirect to an alias, maybe like this: Code: email1@host local:myalias1 email2@host local:myalias2 and then in aliases: Code: myalias1 mycentralmailbox,webxxp1 myalias2 mycentralmailbox,webxxp2 With this approach it doesn't matter what the mailuser changes and writes to .forward. Do you think this would work? (Not sure, if it's actually local: or not virtual: that I should use here.) What do you think? DSo you see something better? This would need the client to edit transport and aliases, but he should be able to do it in Webmin. And it avoids fiddling around with any ISPConfig stuff.
