:: [DNG] dovecot / exim4 / system user…
Forside
Slet denne besked
Besvar denne besked
Skribent: Andrew McGlashan
Dato:  
Til: Devuan DNG
Emne: [DNG] dovecot / exim4 / system users -- restriction of emails per user
Hi,

I'm sure that this has been solved, but I can't find the answers and I'm
having trouble crafting a solution.

Running exim4 4.8+ (with split setup) / dovecot 1:2.1+ -- with system
user auth and virtual users with exim4.


Each system user login can use ANY email address for "sender and/or
reply-to" for domains that the server is the mail exchanger for; that
is, they are not restricted to their /own/ authorized set of email
addresses.


The system user aaa can send email as aaa@??? as well as
bbb@??? -- They do need to "auth" to send, but what should
happen is that the user needs to be restricted to sending as
aaa@??? and/or perhaps additional other email address(es) such
as accounts@??? but not as bbb@


The system user "aaa" may receive emails for say the following:
sales@
info@
accounts@
aaa@


Whilst system user "bbb" may receive emails for say the following:
sales@
info@
bbb@
[not accounts@ for instance]


This can be multiplied by adding similar domains such as:
example.com
example.net.au
example.com.au


Each of the additional domains may have their own set of authorized
emails for the system user; either aaa or bbb system user in this
example. The point is, I need to restrict users (even ones logged in
and authenticated, which includes every user) to be able to send emails
ONLY for address(es) to which they are specifically authorized to do so.


The users have their own distinct system logins (not shared), they each
have a set of email addresses that they are allowed to be the sender for
such -- but they need to be limited to only those address(es). The
above example, aaa may be allowed to send as accounts@ but bbb should
not be allowed to send as accounts@ Both users aaa and bbb might be
allowed to send as info@ as well.

There are other domain names that the server is also the mail exchanger
for, but they are otherwise completely unrelated to the ones above;
those other domains will have their own system users and set of
authorized address(es) that they can send from.


The users securely log in to send email via dovecot with TLS over port
465 or perhaps using a webmail (squirelmail) interface, which in turn
will also use dovecot via localhost.

I would like for there to be a simple and secured text file for each
system login that contains ALL of the authorized email addresses that
the system user is authorized to send email as -- sending should fail if
the authenticated user tries to send as some address that is not
authorized for them to use. An alert to admin or root would be a good
too for mis-use.

The idea is that system users shouldn't be able to improperly use any
email address that they are otherwise not authorized to use.

What is the best way to enforce these restrictions?

Kind Regards
AndrewM