Is it possible to deny SMTP for a specific virtual site

Hi

Please read the forum post here : https://www.virtualmin.com/node/39931

  • Tim
Status: 
Active

Comments

Do you mean you want to prevent scripts on specific domains from sending email, or prevent the domain from receiving email?

Hi Jamie

Original post

Hi all Does anybody know if it's possible to deny SMTP access for specific sites on the virtualmin instance? Let's say I have 5 virtual sites on the server domaina.tld domainb.tld domainc.tld domaind.tld domaine.tld Only domain A and B should be allowed to use the SMTP localhost option, but the rest shouldn't. Is that even possible? Thanks in advance. Tim

I haven't found out how your notification / subscription works so I haven't see your reply before now. Just wanted to know if it was possible to deny all sites to localhost SMTP service except the ones I have allowed. By that I mean if I could deny virtualmin sites A and B access to the localhost SMTP server, where virtualmin site C has access and by that able to send mails to the postfix service?

  • Tim

You can turn on notifications for the support tracker in Account -> Project Notifications.

There isn't really a way to prevent a domain from accessing Postfix, though disabling the Mail for Domain feature prevents them from being able to receive email.

Access to Postfix is necessary for things like cron, which email reports of cron jobs that run.

However, one thought that crosses my mind is that you could try looking into Email Messages -> Message Rate Limiting, and see if that does what you're after. If you prevent it completely, that could cause some problems (such as if there's a cron problem occurring). But you could always limit it to a low number.

Hi Eric

Thanks for your reply. The Message Rate Limiting, is that based on the individual server (user) or the server in total? If it's related to the user it would be great, if it's the server in total it would be difficult to use.

  • Tim

Hmm, if I recall, I believe those settings are per-Virtual Server.

However, you'll see the screens to configure it once you enable that option.

Hi Eric

I have installed the greylisting feature to activate the rate limit option. I can see the global settings but the domain settings is just blanked out, so I am not able to select specific domains. Is that because the domain needs to have the virtualmin mail option enabled before they will be listed here?

  • Tim

Hmm, that may indeed be the case.

Just to test that theory, do you happen to have a domain on your system with mail enabled? If so, are you able to setup email rate limits for it?

Yes, only domains with email enabled can be rate-limited.

Diabolico's picture
Submitted by Diabolico on Wed, 06/22/2016 - 01:57

Why not using Postfix and transport_maps - http://www.postfix.org/STANDARD_CONFIGURATION_README.html.

You could use "transport_maps = hash:/etc/postfix/whitelist" and add:

yourdomain1.com:
* discard:

to discard all emails for all domains aside of "yourdomain1.com" or:

yourdomain1.com:
* error: You are not allowed to send emails

to discard all emails for all domains (aside of "yourdomain1.com") with your custom error message.

You can even use Postfix and smtpd_recipient_restrictions to block incoming emails for domain(s) you dont want to receive any email. For all this you just need Postfix without any additional software. Plus its easy and fast to setup and not prone to errors in case you need to move to another server.