Hello!
I have a server with an online store and I would like to block the possibility of sending mail from external clients such as Thunderbird, Outlook.
Sending mail only via scripts on the store side.
What’s the best way to do this?
Operating system: Centos
OS version:7.8
Hello @Maciekkk and welcome to the community.
In order to block external access of email clients like Thunderbird and Outlook, all you need to do is to keep secure the passwords of the users (i.e. email accounts) that have been created for that virtual server. It is as simple as that. If no one other than yourself has the passwords of the email accounts then there is no danger of external email clients like Outlook sending out email from your server.
That’s the answer to your question about stopping Thunderbird and Outlook from sending email. However if your question was wider in scope (and you wanted to prevent the spoofing of your email or whitelisting your own IP addresses) then, naturally, the answer would be more involved.
Unfortunately, the topic is more complicated. I just want to block sending messages. Receiving messages and handling via IMAP - no change.
Wouldn’t that (passwords @calport suggested) still work if you required the same login requirements for your SMTP as your IMAP?
Exactly! How to change it to separate logins and passwords?
What needs to be changed in the configuration? Is it possible in virtualmin?
Is it possible in Virtualmin? Everything is possible in Virtualmin if you know what you are doing. Virtualmin + Webmin is a GUI to administer a server which is intended to be used for shared web hosting. It supports multiple operating systems and operates by changing the settings of config files directly while giving a systems administrator the freedom (this is important! Other control panels do not!) to also configure the same manually in concert with Virtualmin. So he answer to your question is yes, it is possible in Virtualmin because Virtualmin is the most versatile of all web hosting panels.
If you are asking if there is a check box in Virtualmin somewhere which says “Stop people from sending out email in the manner @Maciekkk wants to stop them” then no, there is no such check box which you can tick and get Virtualmin to let users with valid credentials read mail but prevent them from replying / sending out mail while at the same time permit your scripts to send out mail from the same virtual server.
In summary, there is no mainstream control panel which has this option, AFAIK, and I can think of more than one way in which Virtualmin could be configured to get a system to work in your specific use case.
@calport, just for my own curiosity are you saying that there is not an option in Vmin/Webmin to have one password for SMTP and another for IMAP?
Edit:clarify
Yes, @simon1066, that could be one approach. The downside which I can foresee with this is that some user would configure his email client in the standard manner (e.g. in Outlook, tick the check box: use same credentials for outgoing server) and generate lots of failed logins; maybe get locked out by fail2ban and in a nightmare scenario, cause his colleagues to also get locked out because they are all sharing the same IP address at the workspace, now blocked by fail2ban.
The other approach could be to keep the public facing mailboxes on the primary domain.tld , create a subdomain, say intranet.domain.tld and forward user@domain.tld to user@intranet.domain.tld user2@domain.tld to user2@intranet.domain.tld and so on… and configure intranet.domain.tld to route internal mail only.
With Virtualmin configured thus, scripts running on domain.tld could send out mail that they are supposed to send out but users can not send mail, as @Maciekkk wishes.
There might be other, and perhaps better, ways of achieving the desired outcome. As I said, there is more than one way in which Virtualmin could be configured to do this.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.