
Thread: Prevent Email from leaving local Domain

  1. #1
    Join Date
    Jan 2013
    Beans
    151

    Prevent Email from leaving local Domain

    I'm using Squirrelmail + Dovecot + SMTP and would like to prevent users from sending email to outside domains (i.e. yahoo, gmail, etc.). I want to lock it down so only inter-office email is allowed to and from. Can someone start me in the right direction? Thanks.

  2. #2
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,761
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Prevent Email from leaving local Domain

    A simple hard-and-fast approach is to block outbound traffic on port 25, SMTP. On the mail server add this pair of rules:
    Code:
    /sbin/iptables -A OUTPUT -i lo -p tcp --dport 25 -j ACCEPT
    /sbin/iptables -A OUTPUT -p tcp --dport 25 -j REJECT
    The first allows traffic over the "localhost" interface, which your setup would be using to communicate between Squirrelmail and the local mail transfer agent (Postfix, sendmail, exim). Mail to any other server is blocked.
    Last edited by SeijiSensei; October 24th, 2013 at 10:42 PM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  3. #3
    Join Date
    Jan 2013
    Beans
    151

    Re: Prevent Email from leaving local Domain

    Quote Originally Posted by SeijiSensei
    A simple hard-and-fast approach is to block outbound traffic on port 25, SMTP. On the mail server add this pair of rules:
    Code:
    /sbin/iptables -A OUTPUT -i lo -p tcp --dport 25 -j ACCEPT
    /sbin/iptables -A OUTPUT -p tcp --dport 25 -j REJECT
    The first allows traffic over the "localhost" interface, which your setup would be using to communicate between Squirrelmail and the local mail transfer agent (Postfix, sendmail, exim). Mail to any other server is blocked.
    I receive the following error.
    Code:
     # iptables -A OUTPUT -i lo -p tcp --dport 25 -j ACCEPT
    iptables v1.4.12: Can't use -i with OUTPUT

  4. #4
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,761
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Prevent Email from leaving local Domain

    Sorry, I mostly use INPUT rules. Replace "-i" with "-o" since the rule applies to traffic leaving the interface.

  5. #5
    Join Date
    Jan 2013
    Beans
    151

    Re: Prevent Email from leaving local Domain

    Quote Originally Posted by SeijiSensei
    Sorry, I mostly use INPUT rules. Replace "-i" with "-o" since the rule applies to traffic leaving the interface.
    Thanks, but for whatever reason mail was still leaving the domain. I did find a fix, I believe. I edited my Postfix main.cf file:
    Code:
    relayhost = $mydomain
    Its variables are:

    /etc/postfix/main.cf:
    relayhost = (default: direct delivery to Internet)
    relayhost = $mydomain (deliver via local mailhub)
    relayhost = [mail.$mydomain] (deliver via local mailhub)
    relayhost = [mail.isp.tld] (deliver via provider mailhub)


    This prevents my mail from leaving the domain. However, my mail queue fills up if mail is undeliverable. No bounce message to the sender.
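
Added example, not part of any post in this thread: one way to get the behaviour asked for in the first post with Postfix alone, using a transport table that leaves the office domain's delivery unchanged and hands every other destination to the error(8) delivery agent, which returns the message to the sender instead of leaving it in the queue. `example.com` and the rejection text are placeholders (assumptions); the file paths are the stock Postfix locations.

```conf
# Constructed example. "example.com" stands in for the office domain.

# ---------- /etc/postfix/main.cf ----------
# Consult a transport table when deciding how to deliver each recipient.
transport_maps = hash:/etc/postfix/transport
# No catch-all next hop; the transport table makes the decision instead.
relayhost =

# ---------- /etc/postfix/transport ----------
# A lone ":" means "do not change": these destinations keep the delivery
# they would have had if this table did not exist.
example.com      :
# transport(5) needs the leading-dot form to cover subdomains and hosts
# such as mail.example.com.
.example.com     :
# Keep locally generated mail (cron, bounces) addressed to localhost working.
localhost        :
# Everything else goes to the error(8) delivery agent, which returns the
# message to the sender with this status code and text.
*                error:5.7.1 Mail to external domains is not permitted

# ---------- apply the change (as root) ----------
# postmap /etc/postfix/transport    # build the hash: lookup file
# postfix reload                    # make Postfix re-read main.cf
# postmap -q gmail.com hash:/etc/postfix/transport   # exact-key lookup only;
#                                   # prints nothing, "*" is not an exact key
# postmap -q example.com hash:/etc/postfix/transport # prints ":"
```

The `*` entry matches every address that no earlier, more specific key matched, so any additional internal domain has to be listed with `:` before the change is applied.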
