On 12/05/2018 06:57 PM, admin (@awib.it) wrote:
> I have a group alias (all@company.com). (1) Only company.com accounts should be able to send an email to everybody in that company via all@company.com.
Do you have a means to identify "some suitable account was used" - as opposed to a trivially forged sender address - *other* than by watching the actual MUA-to-MSA login happen? (E.g., you might impose a requirement that such e-mails be cryptographically *signed* - per S/MIME, DKIM, or whatever method can be verified automatically later on. Or your MSA might not accept e-mail from outside the LAN and you can globally assign trust to all e-mails that come from it.)
If not, then grabbing that info on the MSA and somehow forwarding it securely to all@'s final MTA / MDA to base the filtering on is the best you can do. (And ideally, your organization's MSA and MDA reside within one and the same MTA and you'll have a filtering config/API where you already can evaluate *both* parts of the input information - sending account and that it's to be delivered to all@ - at once.)
Regards,
Jochen Bern Systemingenieur
www.binect.de www.facebook.de/binect
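
The combined check described in the reply above (authenticated sending account and delivery to all@ evaluated together), as an added example that is not part of the original message. It assumes the MSA and the final MTA are the same server, that requests arrive as name=value lines in the style of Postfix policy delegation, and that SASL login names are full addresses; the sample requests are constructed.

```python
# Added example, not from the thread. Attribute names follow the Postfix
# policy-delegation request format; the sample requests are constructed.
GROUP_ALIAS = "all@company.com"   # alias named in the thread
TRUSTED_DOMAIN = "company.com"    # assumption: SASL logins are full addresses

def parse_request(text):
    """Parse name=value lines up to the first empty line into a dict."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs

def decide(attrs):
    """Return the policy action for one recipient of one message."""
    if attrs.get("recipient", "").lower() != GROUP_ALIAS:
        return "DUNNO"  # not the group alias: leave it to the other rules
    # The envelope sender is trivially forged, so it is deliberately ignored.
    # Only the account that actually logged in at submission time counts.
    login = attrs.get("sasl_username", "").lower()
    local, at, domain = login.rpartition("@")
    if at and local and domain == TRUSTED_DOMAIN:
        return "DUNNO"  # authenticated company.com account: allow
    return "REJECT all@ accepts mail only from authenticated company.com accounts"

# Constructed sample requests.
FORGED = ("request=smtpd_access_policy\nsender=ceo@company.com\n"
          "recipient=all@company.com\nsasl_username=\n\n")
AUTHENTICATED = ("request=smtpd_access_policy\nsender=alice@company.com\n"
                 "recipient=All@company.com\nsasl_username=alice@company.com\n\n")
OUTSIDER_LOGIN = ("request=smtpd_access_policy\nsender=bob@company.com\n"
                  "recipient=all@company.com\nsasl_username=bob@partner.example\n\n")
OTHER_RCPT = ("request=smtpd_access_policy\nsender=x@elsewhere.example\n"
              "recipient=alice@company.com\nsasl_username=\n\n")

if __name__ == "__main__":
    for name, req in [("forged", FORGED), ("authenticated", AUTHENTICATED),
                      ("outsider login", OUTSIDER_LOGIN), ("other rcpt", OTHER_RCPT)]:
        print(f"{name}: action={decide(parse_request(req))}")
```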