chris at archnetnz.com writes:
>> "Chris Hodgetts" <chris at archnetnz.com> writes:
[...]
>> For that, though, you probably need a hand-written policy daemon to
>> identify both the sender and recipient, and act on that. The version of
>> Postfix you have supports that, and writing a policy daemon isn't /that/
>> hard.
>>
>> See the simple greylist example that Postfix ships, or that is on their
>> website, for the Perl code.
>>
>> Blocking outbound mail from that one account is a much harder job than
>> blocking inbound, though, as you note. Most threat models with email
>> assume that internal senders are at least semi-trusted.
>>
>> Perhaps if you outline why you want to do this there is a better way to
>> achieve your goals overall?
>
> I want do to this so that Children can have a restricted down e-mail
> so that only approved e-mail can get to the child and they can only
> send to approved e-mail addresses.
OK, seems a decent goal. Good luck with it. I guess the one question I
have is how much cooperation you expect from the kids in this -- are
they willing to play along, or are they going to fight you every inch?
> I have had a look at some clients, but they cost quite a bit (in $US)
> and its not really worth it - and others make the child log into the
> hosts own website -- would rather have *FULL* control..
I completely agree. One of the big motivators, for me, in that regard
would be the rather arbitrary, and biased categorizations that a number
of commercial filtering packages make.
It is not uncommon to find information that I consider unsuitable for
children freely available, while other information I consider both
reasonable and essential censored, on what I consider fairly biased
political or social lines.
Handing over responsibility for the safety of kids to a third party
company who have, at the end of their day, their own agenda never seems
wise to me.
> Unless someone knows of a good Open Source client that can be locked
> down to only allow approved e-mail to children, then that would be
> good.
>
> So yeah... thats pretty about it :)
Cool. Now you have explained it your request makes more sense.
I would suggest that you take one of two approaches:
If you want to build a filter that controls mail in both directions you
really need to develop a Postfix policy daemon.
They really are trivial to write and you can build one in any language
that can talk TCP and read or write lines.
If you expect cooperation from the kids, though, you could either
develop a delivery script in procmail (or whatever; Perl and Python are
both very capable) that filters inbound, and leave outbound alone.
Oh. Actually, one other option: the amavisd-new package has some
whitelist and blacklist capabilities, and operates well with the Postfix
system.
Having taken a quick look it does support per-recipient whitelist and
blacklist entries.
You could use that to manage the system, by hooking it into Postfix, and
benefit from the spam and virus scanning capabilities as well.
Heck, it even supports LDAP or SQL lookups, so probably has the same for
the per recipient settings. You could build a nice web interface to
help yourself administer the settings.
Regards,
Daniel
--
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707 email: contact at digital-infrastructure.com.au
http://digital-infrastructure.com.au/
| More information about the AuckLUG mailing list |
If you have any questions or comments about this page, email the
Webmaster Design Copyright © 1998-2005 Linux.net.nz |