(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | The following information can be used to protect an email account in such a way that only messages from whitelisted (approved) senders will be accepted.<br> | |
+ | This is great for email accounts for young children. | ||
− | + | All of this information was derived from: | |
+ | [http://hardware.newsforge.com/article.pl?sid=04/12/02/1728210&tid=126 A child-safe SMTP whitelist with Postfix and MySQL]<br> | ||
+ | Special Thanks to Scott Merrill for his excellent HowTo. | ||
== Postfix MySQL Maps == | == Postfix MySQL Maps == | ||
+ | Create 2 files so that Postfix can query MySQL<br> | ||
+ | |||
''' ''protected_users.cf'' ''' | ''' ''protected_users.cf'' ''' | ||
− | dbname = | + | dbname = mail |
hosts = localhost | hosts = localhost | ||
user = postfix | user = postfix | ||
Line 13: | Line 18: | ||
select_field = class | select_field = class | ||
where_field = recipient | where_field = recipient | ||
− | |||
''' ''whitelist.cf'' ''' | ''' ''whitelist.cf'' ''' | ||
− | dbname = | + | dbname = mail |
hosts = localhost | hosts = localhost | ||
user = postfix | user = postfix | ||
Line 24: | Line 28: | ||
where_field = sender | where_field = sender | ||
+ | |||
+ | ''' ''NOTE:'' ''' You should make sure that these files are '''NOT''' world readable because they contain mysql logon/password information!!! | ||
+ | |||
+ | chmod 640 protected_users.cf whitelist.cf | ||
== Main.cf == | == Main.cf == | ||
+ | Edit /etc/postfix/main.cf with your favorite editor. | ||
=== SMTPD_RECIPIENT_RESTRICTIONS === | === SMTPD_RECIPIENT_RESTRICTIONS === | ||
− | |||
Add this line to the ''' ''smtpd_recipient_restrictions'' ''' section. | Add this line to the ''' ''smtpd_recipient_restrictions'' ''' section. | ||
mysql:/etc/postfix/protected_users.cf | mysql:/etc/postfix/protected_users.cf | ||
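Review bot: The added `chmod 640 protected_users.cf whitelist.cf` line keeps the MySQL password private only if the files' owner and group are right, and the note does not say what they should be. Suggest stating the intended ownership next to the mode (which account owns the files and which group is allowed to read them depends on the local setup) and using the full /etc/postfix/ paths that the `mysql:/etc/postfix/protected_users.cf` line already uses, so the command does not depend on the current directory.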
Line 56: | Line 64: | ||
UNIQUE ( `sender` ) | UNIQUE ( `sender` ) | ||
); | ); | ||
+ | |||
+ | The SELECT, INSERT, and DELETE privileges must be granted to which ever user will be accessing these tables.<br> | ||
+ | Use the following mysql statement as an example. | ||
+ | GRANT SELECT,INSERT,DELETE ON mail.protected_users, mail.whitelist TO SomeUser@localhost IDENTIFIED BY '********'; | ||
+ | |||
+ | Obviously SomeUser = the MySQL user that you will be using to connect to the Database | ||
+ | and ******** = the password for this user. | ||
[[Category:Postfix]] | [[Category:Postfix]] |
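Review bot: The added GRANT statement names two tables after ON (`mail.protected_users, mail.whitelist`), but MySQL's GRANT takes one object per statement, so the example fails as written; split it into one GRANT per table. The sentence above it also says SELECT, INSERT, and DELETE "must" be granted to whichever user accesses the tables, while the map files on this page connect as `user = postfix` and only look rows up. Suggest granting that account SELECT only and keeping INSERT and DELETE for the account that maintains the lists.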
Latest revision as of 14:37, 3 April 2007
The following information can be used to protect an email account in such a way that only messages from whitelisted (approved) senders will be accepted.
This is great for email accounts for young children.
All of this information was derived from:
A child-safe SMTP whitelist with Postfix and MySQL
Special Thanks to Scott Merrill for his excellent HowTo.
Postfix MySQL Maps
Create 2 files so that Postfix can query MySQL.
protected_users.cf
    dbname = mail
    hosts = localhost
    user = postfix
    password = ********
    table = protected_users
    select_field = class
    where_field = recipient
whitelist.cf
    dbname = mail
    hosts = localhost
    user = postfix
    password = ********
    table = whitelist
    select_field = action
    where_field = sender
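NOTE: You should make sure that these files are NOT world readable because they contain the MySQL login and password! Mode 640 still lets the file's group read it, so keep that group limited to accounts that need the password.
    chmod 640 protected_users.cf whitelist.cf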
Main.cf
Edit /etc/postfix/main.cf with your favorite editor.
SMTPD_RECIPIENT_RESTRICTIONS
Add this line to the smtpd_recipient_restrictions section.
mysql:/etc/postfix/protected_users.cf
SMTPD_RESTRICTION_CLASSES
Create a restriction class. Add these lines anywhere in main.cf:
    smtpd_restriction_classes = whitelist
    whitelist = check_sender_access mysql:/etc/postfix/whitelist.cf, reject
MySQL
Create the 2 tables needed by Postfix.
Protected Users Table
    CREATE TABLE `protected_users` (
      `recipient` VARCHAR( 50 ) NOT NULL ,
      `class` VARCHAR( 10 ) NOT NULL,
      UNIQUE ( `recipient` )
    );
Whitelist Table
    CREATE TABLE `whitelist` (
      `sender` VARCHAR( 50 ) NOT NULL ,
      `action` VARCHAR( 2 ) NOT NULL ,
      UNIQUE ( `sender` )
    );
The SELECT, INSERT, and DELETE privileges must be granted to whichever user will be accessing these tables.
Use the following MySQL statements as an example (GRANT accepts one table per statement, so there is one for each table).
    GRANT SELECT,INSERT,DELETE ON mail.protected_users TO SomeUser@localhost IDENTIFIED BY '********';
    GRANT SELECT,INSERT,DELETE ON mail.whitelist TO SomeUser@localhost IDENTIFIED BY '********';
Here SomeUser is the MySQL user that you will be using to connect to the database, and ******** is the password for this user.
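The page creates the two tables but does not show what goes into them. The SQL below is an added example, not part of the original page or of the HowTo it credits: it fills the tables for one protected mailbox and separates the lookup privileges from the maintenance privileges. The addresses are constructed, `listadmin` is a hypothetical account name, and both MySQL accounts are assumed to exist already.

```sql
-- Added example: constructed addresses; 'listadmin' is a hypothetical account.

-- Protect a mailbox. `class` must match the restriction class name that
-- main.cf defines (smtpd_restriction_classes = whitelist).
INSERT INTO protected_users (recipient, class)
VALUES ('kid@example.com', 'whitelist');

-- Approve individual senders. `action` is VARCHAR(2); 'OK' is the
-- access-map result that accepts the message.
INSERT INTO whitelist (sender, action) VALUES
  ('grandma@example.com', 'OK'),
  ('teacher@example.org', 'OK');

-- Check what each map hands back for a given key. No row in the second
-- query means the sender falls through to `reject` in the class.
SELECT class  FROM protected_users WHERE recipient = 'kid@example.com';
SELECT action FROM whitelist       WHERE sender    = 'stranger@example.net';

-- Withdraw an approval.
DELETE FROM whitelist WHERE sender = 'teacher@example.org';

-- Least privilege: the account named in the .cf files (user = postfix)
-- only reads; list maintenance uses a separate account.
GRANT SELECT ON mail.protected_users TO 'postfix'@'localhost';
GRANT SELECT ON mail.whitelist       TO 'postfix'@'localhost';
GRANT SELECT, INSERT, DELETE ON mail.protected_users TO 'listadmin'@'localhost';
GRANT SELECT, INSERT, DELETE ON mail.whitelist       TO 'listadmin'@'localhost';
```

The whitelist is matched against the envelope sender, which the sending side chooses, so it filters unsolicited mail rather than proving who wrote a message.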