how to configure/restrict certain users to only send email internally?

[pchandler]

I have a Zentyal 3.5 box setup with Openchange/Sogo installed. I am curious on how to configure certain users only access of sending emails internally to members of ex: "@domain.local". Currently our live server is using Axigen which has a mail setting to check off outgoing smtp. Is there some sort of way of doing this. It would be a requirement if I was to incorporate zentyal into our production environment.

Thanks,
Paul

[jbahillo]

Hello:

CHeck postfix documentation, this can be done and you could do a stub of main.cf setting this according to your needs

[pchandler]

So the only way to do client restrictions would be to mess with configuration files. I am not sure on how to create a stub. Is there anyone else that has doen this before? I feel I can't be the only one.

[half_life]

Here is a link taking about what needs to be changed in postfix  http://postfix.1071664.n5.nabble.com/How-can-I-restrict-some-specific-users-from-sending-email-to-external-domains-td58385.html

Someone should be able to walk you through the configuration under  Zentyal.  Sorry I visit here way to irregularly to be of any help on this.

[pchandler]

Thank you so much. I was able to edit the main.cf and add the appropriate changes needed.

 

The check_sender_access restriction below triggers the lookup to catch the
sender:

smtpd_recipient_restrictions =
        ...
        check_sender_access hash:/etc/postfix/internal_senders
        permit_mynetworks
        reject_unauth_destination
        ...

In the map you list the senders that should be re-routed to the dedicated
filter ruleset:

# /etc/postfix/internal_senders
[hidden email]          internal_only

The rule above says to route [hidden email] to a ruleset called
"internal_only". You need to define it, before you can add rules to it:

smtpd_restriction_classes =
        internal_only

Now you can create the restriction class "internal_only" and add rules. They
are executed top to bottom - first match wins:

internal_only =
        check_recipient_access hash:/etc/postfix/internal_domains
        reject

In the map /etc/postfix/internal_domains you list all recipient domains the
sender should be permitted to send to. When you say "OK" you tell Postfix to
permit the senders request (send a message):

# /etc/postfix/internal_domains
example.com                     OK
example.org                     OK

If the recipient domain is not in /etc/postfix/internal_domains Postfix will
look for the next rule. In "internal_only" I wrote "reject". This is a static
action, which always is true if Postfix tests it. It gives you what you want.
Either the recipient domain is on /etc/postfix/internal_domains or the request
action (send a message) will be rejected.