Some questions

Hi all,

Have some questions for the experts.

Can Qmail:

* enforce a limit on the number of recipients of an email?
* block email destined or CC'ed to a list of predefined mail domains?
* use a list of authorized users which can send and receive email?
* translate a FROM: and a TO: to a pre-defined user list (authorized
users)?
* enforce email size limits per destination mail domain?

Please note that qmail would only be used as a SMTP MTA and nothing
more (no local mailboxes). Thanks in advance.

F.

D> * block email destined or CC'ed to a list of predefined mail
D> domains?

DS> With SPAMCONTROL, I think.

One can do it with stock "qmail" and an smtproute for each relevant domain
pointing to a rubber wall.

D> * use a list of authorized users which can send and
D> receive email?

DS> Could probably be done with Bruce Guenter's qmail-qfilter patch.

Authorization to receive mail can be handled by the normal user database
mechanisms. Authorization to send mail (via SMTP Relay) can be handled using
the ${RELAYCLIENT} mechanism, or (if that is insufficient because the SMTP
Relay clients are to be outside of one's own networks) by the smtp-auth patch
(as long as it is configured correctly (-:).

DragonII wrote:

>
> Can Qmail:
>
> * block email destined or CC'ed to a list of predefined mail domains?

I think the qregex patch will do what you want. Put the domains you wish
to block in the badmailto control file.

Andrew

Jonathan de Boyne Pollard <J.deBoynePollard@tesco.net> writes:

> D> * block email destined or CC'ed to a list of predefined mail
> D> domains?
>
> DS> With SPAMCONTROL, I think.
>
> One can do it with stock "qmail" and an smtproute for each relevant domain
> pointing to a rubber wall.

Yeah, forgot about that...

> D> * use a list of authorized users which can send and
> D> receive email?
>
> DS> Could probably be done with Bruce Guenter's qmail-qfilter patch.
>
> Authorization to receive mail can be handled by the normal user database
> mechanisms.

Unless you're dealing with users with shell accounts, which can be
handled using qmail-users.

> Authorization to send mail (via SMTP Relay) can be handled using
> the ${RELAYCLIENT} mechanism, or (if that is insufficient because the SMTP
> Relay clients are to be outside of one's own networks) by the smtp-auth patch
> (as long as it is configured correctly (-:).

That won't work for users with shell accounts. In that case, normal
Unix access control can be used to restrict access to qmail-inject,
but there are lots of ways around that (e.g., "telnet somehost 25").

--
Dave Sill Oak Ridge National Lab, Workstation Support
Author, The qmail Handbook <http://web.infoave.net/~dsill>
<http://lifewithqmail.org/>: Almost everything you always wanted to know.

JdeBP> Authorization to receive mail can be handled by the normal
JdeBP> user database mechanisms.

DS> Unless you're dealing with users with shell accounts, which
DS> can be handled using qmail-users.

I classify "qmail-users" as one of the "normal user database mechanisms".

JdeBP> Authorization to send mail (via SMTP Relay) can be handled
JdeBP> using the ${RELAYCLIENT} mechanism, or (if that is
JdeBP> insufficient because the SMTP Relay clients are to be
JdeBP> outside of one's own networks) by the smtp-auth patch
JdeBP> (as long as it is configured correctly (-:).

DS> That won't work for users with shell accounts. [...]

He did explicitly give the proviso:

D> Please note that qmail would only be used as a
D> SMTP MTA and nothing more (no local mailboxes).

On Sun, 20 Jul 2003 22:07:43 -0400, Andrew <andrew@arda.homeunix.net>
wrote:

>I think the qregex patch will do what you want. Put the domains you wish
>to block in the badmailto control file.
>
>Andrew

Thx for the replies. One question which perhaps I wasn't clear enought
is the address translation one. Ex:

1. TO: aaa@external.net -> qmail -> TO: bbb@internal.net
2. FROM: bbb@internel.net -> qmail -> FROM: aaa@external.net

Number 1 would apply for incoming mail from the Internet while 2 would
apply for outgoing mail from the company. 1 should be easy with alias
but can qmail cope with 2? And, if so, can qmail generate an error to
the sender if, in both cases, the mail alias is not in a pre-defined
list?

The context here is that we want to allow only a few people access to
Internet mail based on a list (Unix user accounts seems the answer
here) . The internal mail domain together with the mailbox must be
translated in both directions, outgoing and incoming mail. Thx once
again.

F.