Submitted by -eclipse- on Mon, 06/06/2016 - 04:49Pro LicenseeComment #2
Hi Jamie
Original post
Hi all
Does anybody know if it's possible to deny SMTP access for specific sites on the virtualmin instance? Let's say I have 5 virtual sites on the server
domaina.tld domainb.tld domainc.tld domaind.tld domaine.tld
Only domain A and B should be allowed to use the SMTP localhost option, but the rest shouldn't. Is that even possible?
Thanks in advance.
Tim
I haven't found out how your notification / subscription works so I haven't see your reply before now.
Just wanted to know if it was possible to deny all sites to localhost SMTP service except the ones I have allowed.
By that I mean if I could deny virtualmin sites A and B access to the localhost SMTP server, where virtualmin site C has access and by that able to send mails to the postfix service?
Submitted by andreychek on Mon, 06/06/2016 - 09:06Comment #3
You can turn on notifications for the support tracker in Account -> Project Notifications.
There isn't really a way to prevent a domain from accessing Postfix, though disabling the Mail for Domain feature prevents them from being able to receive email.
Access to Postfix is necessary for things like cron, which email reports of cron jobs that run.
However, one thought that crosses my mind is that you could try looking into Email Messages -> Message Rate Limiting, and see if that does what you're after. If you prevent it completely, that could cause some problems (such as if there's a cron problem occurring). But you could always limit it to a low number.
Submitted by -eclipse- on Wed, 06/15/2016 - 16:18Pro LicenseeComment #4
Hi Eric
Thanks for your reply.
The Message Rate Limiting, is that based on the individual server (user) or the server in total?
If it's related to the user it would be great, if it's the server in total it would be difficult to use.
Submitted by -eclipse- on Tue, 06/21/2016 - 04:06Pro LicenseeComment #6
Hi Eric
I have installed the greylisting feature to activate the rate limit option.
I can see the global settings but the domain settings is just blanked out, so I am not able to select specific domains.
Is that because the domain needs to have the virtualmin mail option enabled before they will be listed here?
You could use "transport_maps = hash:/etc/postfix/whitelist" and add:
yourdomain1.com: * discard:
to discard all emails for all domains aside of "yourdomain1.com" or:
yourdomain1.com: * error: You are not allowed to send emails
to discard all emails for all domains (aside of "yourdomain1.com") with your custom error message.
You can even use Postfix and smtpd_recipient_restrictions to block incoming emails for domain(s) you dont want to receive any email. For all this you just need Postfix without any additional software. Plus its easy and fast to setup and not prone to errors in case you need to move to another server.
Comments
Submitted by JamieCameron on Tue, 04/12/2016 - 21:21 Comment #1
Do you mean you want to prevent scripts on specific domains from sending email, or prevent the domain from receiving email?
Submitted by -eclipse- on Mon, 06/06/2016 - 04:49 Pro Licensee Comment #2
Hi Jamie
Original post
I haven't found out how your notification / subscription works so I haven't see your reply before now. Just wanted to know if it was possible to deny all sites to localhost SMTP service except the ones I have allowed. By that I mean if I could deny virtualmin sites A and B access to the localhost SMTP server, where virtualmin site C has access and by that able to send mails to the postfix service?
Submitted by andreychek on Mon, 06/06/2016 - 09:06 Comment #3
You can turn on notifications for the support tracker in Account -> Project Notifications.
There isn't really a way to prevent a domain from accessing Postfix, though disabling the Mail for Domain feature prevents them from being able to receive email.
Access to Postfix is necessary for things like cron, which email reports of cron jobs that run.
However, one thought that crosses my mind is that you could try looking into Email Messages -> Message Rate Limiting, and see if that does what you're after. If you prevent it completely, that could cause some problems (such as if there's a cron problem occurring). But you could always limit it to a low number.
Submitted by -eclipse- on Wed, 06/15/2016 - 16:18 Pro Licensee Comment #4
Hi Eric
Thanks for your reply. The Message Rate Limiting, is that based on the individual server (user) or the server in total? If it's related to the user it would be great, if it's the server in total it would be difficult to use.
Submitted by andreychek on Wed, 06/15/2016 - 16:51 Comment #5
Hmm, if I recall, I believe those settings are per-Virtual Server.
However, you'll see the screens to configure it once you enable that option.
Submitted by -eclipse- on Tue, 06/21/2016 - 04:06 Pro Licensee Comment #6
Hi Eric
I have installed the greylisting feature to activate the rate limit option. I can see the global settings but the domain settings is just blanked out, so I am not able to select specific domains. Is that because the domain needs to have the virtualmin mail option enabled before they will be listed here?
Submitted by -eclipse- on Tue, 06/21/2016 - 04:11 Pro Licensee Comment #7
See attached file.
Submitted by andreychek on Tue, 06/21/2016 - 10:09 Comment #8
Hmm, that may indeed be the case.
Just to test that theory, do you happen to have a domain on your system with mail enabled? If so, are you able to setup email rate limits for it?
Submitted by JamieCameron on Tue, 06/21/2016 - 21:32 Comment #9
Yes, only domains with email enabled can be rate-limited.
Why not using Postfix and transport_maps - http://www.postfix.org/STANDARD_CONFIGURATION_README.html.
You could use "transport_maps = hash:/etc/postfix/whitelist" and add:
yourdomain1.com:* discard:
to discard all emails for all domains aside of "yourdomain1.com" or:
yourdomain1.com:* error: You are not allowed to send emails
to discard all emails for all domains (aside of "yourdomain1.com") with your custom error message.
You can even use Postfix and smtpd_recipient_restrictions to block incoming emails for domain(s) you dont want to receive any email. For all this you just need Postfix without any additional software. Plus its easy and fast to setup and not prone to errors in case you need to move to another server.