From LedHed's Wiki
Revision as of 14:27, 3 April 2007 by Ledhed (Talk | contribs)

Jump to: navigation, search

The following information can be used to protect an email account in such a way that only messages from whitelisted (approved) senders will be accepted.
This is great for email accounts for young children.

This HowTo is for archival purposes, all of this information was derived from Scott Merrill's
A child-safe SMTP whitelist with Postfix and MySQL Special Thanks to Scott Merrill for his excellent HowTo.


Postfix MySQL Maps

protected_users.cf

dbname = mail
hosts = localhost
user = postfix
password = ********
table = protected_users
select_field = class
where_field = recipient


whitelist.cf

dbname = mail
hosts = localhost
user = postfix
password = ********
table = whitelist
select_field = action
where_field = sender


NOTE: You should make sure that these files are NOT world readable because they contain mysql logon/password information!!!

chmod 640 protected_users.cf whitelist.cf


Main.cf

Edit /etc/postfix/main.cf with your favorite editor.

SMTPD_RECIPIENT_RESTRICTIONS

Add this line to the smtpd_recipient_restrictions section.

mysql:/etc/postfix/protected_users.cf

SMTPD_RESTRICTION_CLASSES

Create a restriction class. Add these lines anywhere in main.cf

smtpd_restriction_classes = whitelist
whitelist = check_sender_access mysql:/etc/postfix/whitelist.cf, reject


MySQL

Create the 2 tables needed by postfix.

Protected Users Table

CREATE TABLE `protected_users` (
`recipient` VARCHAR( 50 ) NOT NULL ,
`class` VARCHAR( 10 ) NOT NULL,
UNIQUE ( `recipient` )
);

Whitelist Table

CREATE TABLE `whitelist` (
`sender` VARCHAR( 50 ) NOT NULL ,
`action` VARCHAR( 2 ) NOT NULL ,
UNIQUE ( `sender` )
);

The SELECT, INSERT, and DELETE privileges must be granted to which ever user will be accessing these tables.
Use the following mysql statement as an example.

GRANT SELECT,INSERT,DELETE ON mail.protected_users, mail.whitelist TO SomeUser@localhost IDENTIFIED BY '********';

Obviously SomeUser = the MySQL user that you will be using to connect to the Database and ******** = the password for this user.