how to disable query to dns

packets
Posts: 48
Joined: Mon Nov 16, 2009 4:56 am

Postby packets » Mon Dec 06, 2010 5:59 am

I want Scalix not to be able to send outside the network. I don't want it to be able to send to gmail, yahoo or any domain. I removed all content of resolv.conf and routed the gateway back to itself. I even restarted the router service. However, I'm still able to send to google and yahoo. I'm doing this instead of making a rule. Does Scalix have some sort of DNS caching? If yes, how could I remove it? Do I need to restart the network to be able to remove the cache?

polleke
Posts: 80
Joined: Thu Feb 28, 2008 6:09 am
Location: the Netherlands

Re: how to disable query to dns

Postby polleke » Mon Dec 06, 2010 9:36 am

scalix relies on the OS for its DNS.

However, what on earth are you trying to do? You are creating a mess if you want to prevent users from sending to the outside world and NOT letting Scalix do that. Remember that all mail that Scalix cannot deliver to the local users is delivered to sendmail. So either you disable the mailrouter or prevent SENDMAIL from sending mail to the outside world.
Kind regards,

Paul

ls-al
Scalix Star
Posts: 510
Joined: Tue Jun 29, 2004 8:28 am
Location: Leipzig, Germany

Re: how to disable query to dns

Postby ls-al » Mon Dec 06, 2010 10:16 am

Removing the "internet" and "internet,tnef" route should disable the capability of sending mails to external recipients.

man omshowrt
man omdelrt

This partially does not apply if sendmail is replaced by postfix (according to most "Postfix-Howtos").

packets
Posts: 48
Joined: Mon Nov 16, 2009 4:56 am

Re: how to disable query to dns

Postby packets » Mon Dec 06, 2010 12:31 pm

I want my users not to be able to send to external networks. As of the moment, I create a message rule that will reject all emails. However, my concern is if there are other new users, I need to change its service level.

ls-al wrote:Removing the "internet" and "internet,tnef" route should disable the capability of sending mails to external recipients.


I'll try this one. Thanks for the recommendation.

BaldBoy
Posts: 141
Joined: Fri May 19, 2006 12:45 pm

Re: how to disable query to dns

Postby BaldBoy » Mon Dec 06, 2010 3:27 pm

Instead of mangling with your server config (which might need to be quickly restored to allow users to send outgoing email) you could alternatively:
  • Block outgoing TCP port 25 at your gateway for communications coming from the IP of your Scalix server: this will cause sendmail or postfix to return an error to the sending user
  • Force all outgoing messages to be relayed (smarthost) through a fake SMTP server which will deliver nothing: you might find a google for "Dumbster" useful. In such an environment, however, users have the perception their messages are delivered but can't guess why recipients have never received anything.

Regards.
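
The "fake SMTP server which will deliver nothing" from the post above, sketched in Python as an added example; it is not part of the original thread and is not Dumbster's code. The names `SinkHandler`, `SinkServer` and `start_sink` are hypothetical, and the `reject` switch is an assumption that goes beyond the post: it refuses every recipient with a 550, so the relaying MTA bounces the message instead of letting users believe it was delivered.

```python
import socketserver
import threading

class SinkHandler(socketserver.StreamRequestHandler):
    """Speaks just enough SMTP to take a message, then throws it away."""

    def reply(self, text):
        self.wfile.write(text.encode("ascii") + b"\r\n")

    def handle(self):
        srv, sender, rcpts = self.server, "", []
        self.reply("220 sink.invalid discard-only SMTP")
        for raw in iter(self.rfile.readline, b""):
            line = raw.decode("ascii", "replace").strip()
            verb = line.upper()
            if verb.startswith(("HELO", "EHLO")) or verb in ("RSET", "NOOP"):
                self.reply("250 sink.invalid")
            elif verb.startswith("MAIL FROM:"):
                sender, rcpts = line[10:].strip().split(" ")[0].strip("<>"), []
                self.reply("250 OK")
            elif verb.startswith("RCPT TO:"):
                if srv.reject:  # refuse here so the relaying MTA bounces it
                    self.reply("550 5.7.1 External delivery is not permitted")
                else:
                    rcpts.append(line[8:].strip().strip("<>"))
                    self.reply("250 OK")
            elif verb == "DATA" and rcpts:
                self.reply("354 End data with <CR><LF>.<CR><LF>")
                for body in iter(self.rfile.readline, b""):
                    if body.rstrip(b"\r\n") == b".":
                        break  # body is read and dropped, never stored
                srv.seen.append((sender, tuple(rcpts)))  # envelope only
                self.reply("250 OK message discarded")
            elif verb == "QUIT":
                self.reply("221 Bye")
                break
            else:
                self.reply("503 Bad sequence or unsupported command")

class SinkServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr, reject=False):
        super().__init__(addr, SinkHandler)
        self.reject, self.seen = reject, []

def start_sink(host="127.0.0.1", port=0, reject=False):
    """Start the sink in a background thread; port 0 picks a free port."""
    srv = SinkServer((host, port), reject)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

`srv.seen` keeps only the envelope sender and recipients of each discarded message, which is enough to see who is still trying to mail external addresses.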

les
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

Re: how to disable query to dns

Postby les » Tue Dec 07, 2010 8:20 am

packets wrote:I want my users not to be able to send to external networks. As of the moment, I create a message rule that will reject all emails. However, my concern is if there are other new users, I need to change its service level.



Couldn't you just add a rule based on Service Level 0? By default all users are Service Level 0.

Create a rule file such as....

/var/opt/scalix/??/s/rules/noinetsnd

The contents of that file....

SENDER-SERVICE-LEVEL=0 NDN-INFO="You do not have permission to send to external addresses" ACTION=REJECT

Apply the rule in the normal way and all users, even new ones, should not be able to send to the internet.
Regards,

Les Stott

packets
Posts: 48
Joined: Mon Nov 16, 2009 4:56 am

Re: how to disable query to dns

Postby packets » Tue Dec 07, 2010 10:51 am

Thanks for the recommendation!!

