Thorsten Glaser <
tg@mirbsd.de> wrote:
Hi,
Hello Thorsten,
in a BSD standard setup (MTA runs on [::]:25 or [::1]:25,
/usr/sbin/sendmail as MSA connects to [::1]:25 to deliver
locally-submitted mail), is there a way to make some
mailboxen “local-only” (i.e. allow mail delivery from
the local system only but not from the internet)?
the question is indeed what exactly you rate as "local". The "sender
address" - might it be the envelope address or even the mail from
address - is no good idea since these can be faked. The same applies to domains. Leaves IP addresses.
Look for a rule set which combines sender IP address and recipient
e-mail address for a lookup in the access database and allows wildcards.
Or run independent instances on different IP addresses and let external
systems deliver to the instance which doesn't know / blocks certain
internal addresses and internal systems to deliver to the instance which
is unrestricted - possibly run a split DNS setup where you resolv the
same DNS name to the two different IP addresses. Or use a mail domain
which is not routable in the internet - e.g. "home.arpa" - and block the recipient addresses with the external domain and don't restrict them on
the unroutable domain.
There are lots of ways how to achieve what you gave a keyword for. In
the end it depends on what exactly you want to achieve.
[...]
Regards,
Henning
--
Habit is habit, and not to be flung out of the window by any man, but coaxed down-stairs a step at a time.
-- Mark Twain, "Pudd'nhead Wilson's Calendar
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)