NAME localmail DESCRIPTION This plugins lets you declare a list of your users as allowed for internal mail only. That means that when they try to send a message to an address outside of your domains, it will fail. They still can receive external mail, though. In fact, they can probably send email too, if they put their minds to it. They can do one of the following: * Steal another user's password * Send directly bypassing your relay (so, block port 25 outgoing at the firewall) * Send directly via MSA protocol (so, block port 587, too) * Use a webmail (so, block access to the web? or use a proxy, check logs) * Save the stuff to a damn floppy/usbdisk/camera/ipod/mp3 player/CD/DVD (I suggest cavity searches and huge electromagnets. Maybe doberman dogs?). Really, this plugin gives you just a false sense of security. How it works? It will check your SMTPAUTHUSER against a list stored in /var/qmail/control/localonly and then, if the recipient domain is not in your rcpthosts, it will reject the recipient. You should use this plugin only on the RCPT command. You should carefully disable unauthenticated relaying or this plugin is useless. REQUIREMENTS Makes no sense if you don't have authenticated SMTP. CONFIGURATION The LOCALMAILCONF variable contains the path to the config file. The default is /var/qmail/control/localonly The control file should contain a list of users (as defined by your authentication mechanism), one per line. Example: user1 user2 LOGGING It will log every blocked recipient: localmail: pid 3245 - blocked from slave@fascist.biz to friend@free.world ERROR MESSAGES If the plugin decides the recipient is remote and the sender is local-only, it will give this error message: 550 You are only allowed to send to local addresses. SEE ALSO plugins-ra(8) Homepage: http://ralsina.blogsite.org/stories/39.html COPYRIGHT Copyright © 2006 Roberto Alsina This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.