From LedHed's Wiki
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
Creating an email whitelist.
+
The following information can be used to protect an email account in such a way that only messages from whitelisted (approved) senders will be accepted.<br>
 +
This is great for email accounts for young children.
  
Reference: http://hardware.newsforge.com/article.pl?sid=04/12/02/1728210&tid=126
+
All of this information was derived from:
 +
[http://hardware.newsforge.com/article.pl?sid=04/12/02/1728210&tid=126 A child-safe SMTP whitelist with Postfix and MySQL]<br>
 +
Special Thanks to Scott Merrill for his excellent HowTo.
  
  
 
== Postfix MySQL Maps ==
 
== Postfix MySQL Maps ==
 +
Create 2 files so that Postfix can query MySQL<br>
 +
 
''' ''protected_users.cf'' '''
 
''' ''protected_users.cf'' '''
  dbname = postfix
+
  dbname = mail
 
  hosts = localhost
 
  hosts = localhost
 
  user = postfix
 
  user = postfix
Line 13: Line 18:
 
  select_field = class
 
  select_field = class
 
  where_field = recipient
 
  where_field = recipient
 
  
 
''' ''whitelist.cf'' '''
 
''' ''whitelist.cf'' '''
  dbname = postfix
+
  dbname = mail
 
  hosts = localhost
 
  hosts = localhost
 
  user = postfix
 
  user = postfix
Line 24: Line 28:
 
  where_field = sender
 
  where_field = sender
  
 +
 +
''' ''NOTE:'' ''' You should make sure that these files are '''NOT''' world readable because they contain mysql logon/password information!!!
 +
 +
chmod 640 protected_users.cf whitelist.cf
  
  
 
== Main.cf ==
 
== Main.cf ==
 +
Edit /etc/postfix/main.cf with your favorite editor.
  
 
=== SMTPD_RECIPIENT_RESTRICTIONS ===
 
=== SMTPD_RECIPIENT_RESTRICTIONS ===
Edit /etc/postfix/main.cf
 
 
Add this line to the ''' ''smtpd_recipient_restrictions'' ''' section.
 
Add this line to the ''' ''smtpd_recipient_restrictions'' ''' section.
 
  mysql:/etc/postfix/protected_users.cf
 
  mysql:/etc/postfix/protected_users.cf
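Review bot: the added chmod line, "chmod 640 protected_users.cf whitelist.cf", sets the mode but the NOTE above it never says which owner and group the two files should have, so 640 can still leave the MySQL password readable by an unintended group, or leave the files unreadable to Postfix. Suggest stating the intended owner and group next to the chmod, and using the full /etc/postfix/ paths that the smtpd_recipient_restrictions line refers to, so the command does not depend on the current directory.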
Line 56: Line 64:
 
  UNIQUE ( `sender` )
 
  UNIQUE ( `sender` )
 
  );
 
  );
 +
 +
The SELECT, INSERT, and DELETE privileges must be granted to which ever user will be accessing these tables.<br>
 +
Use the following mysql statement as an example.
 +
GRANT SELECT,INSERT,DELETE ON mail.protected_users, mail.whitelist TO SomeUser@localhost IDENTIFIED BY '********';
 +
 +
Obviously SomeUser = the MySQL user that you will be using to connect to the Database
 +
and ******** = the password for this user.
  
  
 
[[Category:Postfix]]
 
[[Category:Postfix]]
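Review bot: the added GRANT hands SELECT, INSERT and DELETE to "which ever user will be accessing these tables", yet the map files in this revision connect as "user = postfix" and only perform lookups (select_field / where_field). Suggest granting the Postfix lookup account SELECT only and reserving INSERT and DELETE for a separate account used to maintain the two lists, and say so in the sentence above the statement. "which ever" should also read "whichever".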

Latest revision as of 14:37, 3 April 2007

The following information can be used to protect an email account in such a way that only messages from whitelisted (approved) senders will be accepted.
This is great for email accounts for young children.

All of this information was derived from: A child-safe SMTP whitelist with Postfix and MySQL (http://hardware.newsforge.com/article.pl?sid=04/12/02/1728210&tid=126)
Special thanks to Scott Merrill for his excellent HowTo.


Postfix MySQL Maps

Create 2 files so that Postfix can query MySQL

protected_users.cf

dbname = mail
hosts = localhost
user = postfix
password = ********
table = protected_users
select_field = class
where_field = recipient

whitelist.cf

dbname = mail
hosts = localhost
user = postfix
password = ********
table = whitelist
select_field = action
where_field = sender


NOTE: You should make sure that these files are NOT world-readable, because they contain the MySQL login and password!

chmod 640 protected_users.cf whitelist.cf


Main.cf

Edit /etc/postfix/main.cf with your favorite editor.

SMTPD_RECIPIENT_RESTRICTIONS

Add this line to the smtpd_recipient_restrictions section.

mysql:/etc/postfix/protected_users.cf

SMTPD_RESTRICTION_CLASSES

Create a restriction class. Add these lines anywhere in main.cf.

smtpd_restriction_classes = whitelist
whitelist = check_sender_access mysql:/etc/postfix/whitelist.cf, reject


MySQL

Create the 2 tables needed by postfix.

Protected Users Table

CREATE TABLE `protected_users` (
`recipient` VARCHAR( 50 ) NOT NULL ,
`class` VARCHAR( 10 ) NOT NULL,
UNIQUE ( `recipient` )
);

Whitelist Table

CREATE TABLE `whitelist` (
`sender` VARCHAR( 50 ) NOT NULL ,
`action` VARCHAR( 2 ) NOT NULL ,
UNIQUE ( `sender` )
);

The SELECT, INSERT, and DELETE privileges must be granted to whichever user will be accessing these tables.
Use the following MySQL statement as an example.

GRANT SELECT,INSERT,DELETE ON mail.protected_users, mail.whitelist TO SomeUser@localhost IDENTIFIED BY '********';

Obviously, SomeUser is the MySQL user that you will be using to connect to the database, and ******** is the password for this user.
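
The page never shows what rows go into the two tables or how the two lookups chain, so here is an added example (not part of the original page or of Postfix) that models the intended decision flow. It assumes the protected_users map is queried with the recipient address, uses SQLite as a stand-in for MySQL, matches full addresses only, and uses constructed sample addresses.

```python
import sqlite3

# Table definitions copied from the page; SQLite stands in for MySQL (assumption).
SCHEMA = """
CREATE TABLE protected_users (recipient VARCHAR(50) NOT NULL,
                              class VARCHAR(10) NOT NULL, UNIQUE (recipient));
CREATE TABLE whitelist (sender VARCHAR(50) NOT NULL,
                        action VARCHAR(2) NOT NULL, UNIQUE (sender));
"""

def build_db():
    """Return an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # class must equal the restriction class name set in main.cf ("whitelist").
    db.execute("INSERT INTO protected_users VALUES ('kid@example.com', 'whitelist')")
    # 'OK' is the access(5) action that accepts; it fits the VARCHAR(2) column.
    db.execute("INSERT INTO whitelist VALUES ('grandma@example.org', 'OK')")
    return db

def lookup(db, table, select_field, where_field, key):
    """Model one map query: SELECT select_field FROM table WHERE where_field = key."""
    # Identifiers come from the fixed map definitions, never from mail data;
    # the address itself is passed as a bound parameter.
    row = db.execute(
        f"SELECT {select_field} FROM {table} WHERE {where_field} = ?", (key,)
    ).fetchone()
    return row[0] if row else None

def decide(db, sender, recipient):
    """Return 'OK', 'REJECT', or 'DUNNO' (fall through to later restrictions)."""
    cls = lookup(db, "protected_users", "class", "recipient", recipient)
    if cls != "whitelist":
        return "DUNNO"    # recipient is not protected; the class never runs
    action = lookup(db, "whitelist", "action", "sender", sender)
    if action == "OK":
        return "OK"       # check_sender_access found an approved sender
    return "REJECT"       # the trailing ", reject" in the class definition

if __name__ == "__main__":
    db = build_db()
    for s, r in [("grandma@example.org", "kid@example.com"),
                 ("stranger@example.net", "kid@example.com"),
                 ("stranger@example.net", "parent@example.com")]:
        print(f"{s} -> {r}: {decide(db, s, r)}")
```

The key looked up in the whitelist table is the envelope sender, which the sending client supplies, so the list filters unsolicited mail but does not authenticate who sent a message.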