The following information can be used to protect an email account in such a way that only messages from whitelisted (approved) senders will be accepted.
This is great for email accounts for young children.
This HowTo is for archival purposes, all of this information was derived from Scott Merrill's
A child-safe SMTP whitelist with Postfix and MySQL
Special Thanks to Scott Merrill for his excellent HowTo.
Contents
Postfix MySQL Maps
protected_users.cf
dbname = mail hosts = localhost user = postfix password = ******** table = protected_users select_field = class where_field = recipient
whitelist.cf
dbname = mail hosts = localhost user = postfix password = ******** table = whitelist select_field = action where_field = sender
NOTE: You should make sure that these files are NOT world readable because they contain mysql logon/password information!!!
chmod 640 protected_users.cf whitelist.cf
Main.cf
Edit /etc/postfix/main.cf with your favorite editor.
SMTPD_RECIPIENT_RESTRICTIONS
Add this line to the smtpd_recipient_restrictions section.
mysql:/etc/postfix/protected_users.cf
SMTPD_RESTRICTION_CLASSES
Create a restriction class. Add these lines anywhere in main.cf
smtpd_restriction_classes = whitelist whitelist = check_sender_access mysql:/etc/postfix/whitelist.cf, reject
MySQL
Create the 2 tables needed by postfix.
Protected Users Table
CREATE TABLE `protected_users` ( `recipient` VARCHAR( 50 ) NOT NULL , `class` VARCHAR( 10 ) NOT NULL, UNIQUE ( `recipient` ) );
Whitelist Table
CREATE TABLE `whitelist` ( `sender` VARCHAR( 50 ) NOT NULL , `action` VARCHAR( 2 ) NOT NULL , UNIQUE ( `sender` ) );
The SELECT, INSERT, and DELETE privileges must be granted to which ever user will be accessing these tables.
Use the following mysql statement as an example.
GRANT SELECT,INSERT,DELETE ON mail.protected_users, mail.whitelist TO SomeUser@localhost IDENTIFIED BY '********';
Obviously SomeUser = the MySQL user that you will be using to connect to the Database and ******** = the password for this user.