aboutsummaryrefslogtreecommitdiff

User Group Membership for Postfix

Limit E-Mail access for users using group membership in Postfix.

The default Postfix setup restricts E-Mail to all system users, which includes service users such as 'www'.

Installation

go build .
sudo mv postfix-unix-users /usr/local/bin
sudo chown root:root /usr/local/bin/postfix-unix-users

Configuration

Tell Postfix to start the program as part of its operation, using allowed user groups listed in the file '/etc/postfix/user_groups'.

/etc/postfix/master.cf:

unix-users    unix  -       n       n       -       1       spawn
  user=nobody argv=/usr/local/bin/postfix-unix-users
    --hostname $myhostname
    --groups /etc/postfix/user_groups
    email-group-1 email-group-2

Tell Postfix to lookup local users using the program's unix socket.

/etc/postfix/main.cf:

# Replace 'unix:passwd.byname' with 'socketmap:unix:private/unix-users:membership'.
local_recipient_maps = socketmap:unix:private/unix-users:membership $alias_maps
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-21 10:01:52 +0000