Restricting sending mail to domain or group
Jochen Bern
Jochen.Bern at binect.de
Thu Dec 6 00:31:20 EET 2018
On 12/05/2018 06:57 PM, admin (@awib.it) wrote:
> I have a group alias (all at company.com).
> (1) Only company.com accounts should be able to send an email to
> everybody in that company via all at company.com.
Do you have a means to identify "some suitable account was used" - as
opposed to a trivially forged sender address - *other* than by watching
the actual MUA-to-MSA login happen? (E.g., you might impose a
requirement that such e-mails be cryptographically *signed* - per
S/MIME, DKIM, or whatever method can be verified automatically later on.
Or your MSA might not accept e-mail from outside the LAN and you can
globally assign trust to all e-mails that come from it.)
If not, then grabbing that info on the MSA and somehow forwarding it
securely to all@'s final MTA / MDA to base the filtering on is the best
you can do. (And ideally, your organization's MSA and MDA reside within
one and the same MTA and you'll have a filtering config/API where you
already can evaluate *both* parts of the input information - sending
account and that it's to be delivered to all@ - at once.)
Regards,
--
Jochen Bern
Systemingenieur
www.binect.de
www.facebook.de/binect
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4278 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181205/77313183/attachment.p7s>
More information about the dovecot
mailing list