In certain circumstances I have found the need to prevent certain users from sending e-mail outside my domain.
These users are mainly my kids, who enjoy sending people e-mail with addresses they can’t reply to (more later).
The way I have my e-mail set up is that I have a host which collects my e-mails at my domain addresses, and I have a fetchmail process which collects this e-mail and drops it into the appropriate folders.
For sending e-mail I chose to go with exim4; I found it the easiest to understand. Which you can take any way you like!
As I said, I’m running a local domain, and on the way out the e-mail addresses are rewritten for the company domain, otherwise the receiver couldn’t reply. This I have set up using LDAP in the schema. I am using the mailRoutingAddress field. Perhaps not what it is intended for, but as I am the admin I can do what I like.
On the way out an e-mail has its from:, reply-to:, etc. fields rewritten with this address. I haven’t bothered to rewrite on the way back in; I’ll leave that for another project.
Now my kids’ e-mail accounts are just for fun. They don’t have a routing address set up in their accounts. But they still sent e-mails out to people. And when that person received the e-mail, they could not reply as the appropriate fields had not been rewritten. So I needed a way to stop the e-mails going out.
The way I looked at it in exim4 is that I needed to write a special router to perform a couple of checks and to fail and produce a message if a user’s mailRoutingAddress could not be found.
This is how I modified the
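local_only:
  debug_print = "R: local only for $local_part@$domain"
  driver = redirect
  # allow_fail lets the :fail: item in "data" reject the message
  allow_fail
  # Only consider mail addressed outside the local domains ...
  domains = !+local_domains
  # ... that was sent from a local-domain sender address
  condition = ${if match_domain{$sender_address_domain}{+local_domains}{yes}{no}}
  # Look up the sender's mailRoutingAddress; if the lookup fails, reject.
  # quote_ldap_dn escapes the sender local part before it is placed in the DN.
  data = "${lookup ldap {ldap://localhost/uid=${quote_ldap_dn:$sender_address_local_part},\
          ou=People,dc=my,dc=domain?mailRoutingAddress}\
          {$local_part@$domain}\
          {:fail: Your account is not allowed to send mail outside of the local network}}"
  redirect_router = next_router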
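
To see which messages the router above actually touches, here is a small Python model of its three checks (recipient domain, sender domain, LDAP lookup). It is an added example, not part of the original post or of Exim; the local domain list, the directory contents and the RFC 4514 style DN escaping are assumptions made for the illustration.

```python
from urllib.parse import quote

# Assumptions for this model (constructed, not the post's real setup)
LOCAL_DOMAINS = {"my.domain"}                      # stands in for +local_domains
DIRECTORY = {"dad": "dad@company.example",         # uid -> mailRoutingAddress
             "kid1": None}                         # None: attribute not set
FAIL_TEXT = ("Your account is not allowed to send mail "
             "outside of the local network")


def ldap_dn_quote(value):
    """Backslash-escape RFC 4514 specials, then percent-encode for an LDAP URL."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;'
        edge = (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\" + ch if special or edge else ch)
    return quote("".join(out), safe="")


def lookup_url(sender_local_part):
    """The LDAP URL the router's data option would query for this sender."""
    return ("ldap://localhost/uid=" + ldap_dn_quote(sender_local_part)
            + ",ou=People,dc=my,dc=domain?mailRoutingAddress")


def route(sender, recipient):
    """Return (verdict, detail) for one envelope sender/recipient pair."""
    s_local, _, s_domain = sender.rpartition("@")
    r_domain = recipient.rpartition("@")[2]
    if r_domain in LOCAL_DOMAINS:          # domains = !+local_domains
        return ("skip", "recipient is local")
    if s_domain not in LOCAL_DOMAINS:      # condition = match_domain ...
        return ("skip", "sender is not local")
    if DIRECTORY.get(s_local):             # lookup found a routing address
        return ("pass", recipient)         # data = $local_part@$domain
    return ("fail", FAIL_TEXT)             # data = :fail: ...


if __name__ == "__main__":
    for pair in [("dad@my.domain", "friend@example.org"),
                 ("kid1@my.domain", "friend@example.org"),
                 ("kid1@my.domain", "dad@my.domain")]:
        print(pair, "->", route(*pair), lookup_url(pair[0].split("@")[0]))
```

A "skip" verdict means the router's preconditions did not match, so the message carries on to whichever routers follow; only a local sender writing to an external recipient reaches the LDAP lookup.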