The following information can be used to protect an email account in such a way that only messages from whitelisted (approved) senders will be accepted.
This is great for email accounts for young children.
Reference: http://hardware.newsforge.com/article.pl?sid=04/12/02/1728210&tid=126
Postfix MySQL Maps
protected_users.cf
dbname = mail
hosts = localhost
user = postfix
password = ********
table = protected_users
select_field = class
where_field = recipient
whitelist.cf
dbname = mail
hosts = localhost
user = postfix
password = ********
table = whitelist
select_field = action
where_field = sender
NOTE: Make sure that these files are NOT world readable, because they contain the MySQL login and password!
chmod 640 protected_users.cf whitelist.cf
Main.cf
Edit /etc/postfix/main.cf with your favorite editor.
SMTPD_RECIPIENT_RESTRICTIONS
Add this line to the smtpd_recipient_restrictions section.
mysql:/etc/postfix/protected_users.cf
SMTPD_RESTRICTION_CLASSES
Create a restriction class. Add these lines anywhere in main.cf
smtpd_restriction_classes = whitelist
whitelist = check_sender_access mysql:/etc/postfix/whitelist.cf, reject
MySQL
Create the 2 tables needed by postfix.
Protected Users Table
CREATE TABLE `protected_users` ( `recipient` VARCHAR( 50 ) NOT NULL , `class` VARCHAR( 10 ) NOT NULL, UNIQUE ( `recipient` ) );
Whitelist Table
CREATE TABLE `whitelist` ( `sender` VARCHAR( 50 ) NOT NULL , `action` VARCHAR( 2 ) NOT NULL , UNIQUE ( `sender` ) );
The SELECT, INSERT, and DELETE privileges must be granted to whichever user will be accessing these tables.
Use the following mysql statement as an example.
GRANT SELECT,INSERT,DELETE ON mail.protected_users TO SomeUser@localhost IDENTIFIED BY '********';
GRANT SELECT,INSERT,DELETE ON mail.whitelist TO SomeUser@localhost IDENTIFIED BY '********';
Here SomeUser is the MySQL user that you will use to connect to the database, and ******** is the password for this user.
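How the two maps combine for one message, as an added example that is not part of the original page: a simplified Python model of the recipient lookup followed by the whitelist class. It assumes sqlite3 as a stand-in for the MySQL "mail" database; the addresses, the rows and the function names are constructed for illustration.

```python
import sqlite3

# sqlite3 stands in for the MySQL "mail" database (assumption for this demo).
# The CREATE TABLE statements are the page's own; the rows are constructed.
SCHEMA = """
CREATE TABLE `protected_users` ( `recipient` VARCHAR( 50 ) NOT NULL , `class` VARCHAR( 10 ) NOT NULL, UNIQUE ( `recipient` ) );
CREATE TABLE `whitelist` ( `sender` VARCHAR( 50 ) NOT NULL , `action` VARCHAR( 2 ) NOT NULL , UNIQUE ( `sender` ) );
INSERT INTO protected_users VALUES ('kid@example.org', 'whitelist');
INSERT INTO whitelist VALUES ('grandma@example.net', 'OK');
INSERT INTO whitelist VALUES ('school.example', 'OK');
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def lookup(db, table, select_field, where_field, key):
    # Same shape as the query built from table/select_field/where_field.
    # Identifiers are fixed by the callers below; only the key is bound.
    row = db.execute(
        f"SELECT {select_field} FROM {table} WHERE {where_field} = ?", (key,)
    ).fetchone()
    return row[0] if row else None

def sender_keys(sender):
    # Simplified access(5) search order: user@domain, domain, user@
    local, _, domain = sender.rpartition("@")
    return [sender, domain, local + "@"]

def decide(db, sender, recipient):
    """Return OK, REJECT, or DUNNO (recipient not protected; later restrictions apply)."""
    # MySQL's default collation ignores case, SQLite's does not, so fold here.
    sender, recipient = sender.lower(), recipient.lower()
    if lookup(db, "protected_users", "class", "recipient", recipient) != "whitelist":
        return "DUNNO"
    # The decision keys on the envelope sender only; this check does not
    # authenticate that address.
    for key in sender_keys(sender):
        if lookup(db, "whitelist", "action", "sender", key) == "OK":
            return "OK"
    return "REJECT"  # the trailing ", reject" of the whitelist class
```

The rows show what the tables are expected to hold: the class column carries the restriction class name (whitelist) and the action column carries OK.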