Restricting Specific Users

[MailMan]

Hi there,

We're about to roll out Scalix as a standard in our medium enterprise and one of the requirements we have right now is the ability to restrict users differently.

We want some users to be able to mail outside from one of our "World Accessible" domain names but for security reasons, we don't want others to be able to mail outside. That is, they should only be allowed to send mail to users who exist on that machine and no-one else.

So far the best suggestion is to just use a simple internal DNS address that doesn't exist in the outside world, but this only means that the users cannot receive mail from the outside, it doesn't mean they can't send it.

It can't be blocked by IPTables either as we want the same servers to be able to mail to the outside world for privileged users.

Does anyone have any ideas of if / how Scalix can resolve this matter?

Thanks and regards,

Ken

[mikethebike]

Ken,

you should be able to set up an acl for unix queue (man omaddacln).

Mick

[MailMan]

Ok go raibh maith agat Mick. Taistailfaidh me e

[mikethebike]

hahahaha! I had to translate, not a native, but applying for it :-)

adh mor ort

Mick

[dkelly]

You can achieve what you need by using service levels for the users.

Using ommodu like this

Code: Select all

ommodu -o "User Name" -s lvl

where lvl is a number, you can add a message delivery rule set to /var/opt/scalix/NN/s/rules/


Take a look at http://www.scalix.com/forums/viewtopic.php?t=125&highlight=senderservicelevel for more information.

Message Delivery rulesets are documented in the Administration guide on page 136 at http://www.scalix.com/documents

Cheers

Dave

[mikethebike]

Dve,

but that would allow/stop the message at the service router? The user needs to be able to send internally, but restricted externally.

Mick

on second thoughts...sorry you are right...only apply that rule to the unix routes!! Good call Dave :-)