Setting policies for email
October 1, 2009 6:23 AM   Subscribe

net.cop filter: What software is available to filter and (optionally) block email between users on the same domain? I'm using Postfix with Google Apps but could be persuaded to use another solution.

This is for a school situation, with some very young children who we want to be able to use email but without fully exposing them to the threats of stranger contact (from the wider Internet) or to potential "cyber-bullying" from their peers. So the restrictions might include:

- Kids cannot email each other except when collaborating on a project.
- All email from the Internet to the children will be forwarded to a catch-all account.
- Kids can freely email staff and vice versa.
- Parents on the same domain (we give them an email address for school use) can email staff but not children or other parents.
- Staff can send and receive emails from/to whoever they like including on the Internet.

I will be using Google Apps Education for the front-end, with an internal and outgoing relay using Postfix (but could be persuaded to go to Qmail or another MTA). This means Postfix gets to handle all email sent to/from this domain and that's the point at which I want to be able to apply these policies.

I don't have any sub-domains (e.g., so would need something which can work with usernames on one domain and differentiate between the different kind of addresses based on a suffix like "" or "" unless you can think of a more elegant solution.

Also, have looked at Postini (Google's preferred solution) but it's UKP10,000 per annum and that seems a bit steep to me.

Thanks in advance for any help you can offer.

And pleasepleaseplease, no editorials about how this is wrong or too authoritarian, etc. I really don't want to go there...
posted by BrokenEnglish to Computers & Internet (5 answers total)
For such a closed loop, why use e-mail at all? Why not some sort of web-based messaging system or groupware, where you can make ad hoc project groups and customize privileges and generally control it so much better? No "mail" into or out of the system at all. An extranet.

Since most people use web clients, non-techy users don't know the difference between a web only message system and e-mail anyway, especially if you call it a mail system.

(Like, you know, eBay messaging or MeMail.)
posted by rokusan at 6:37 AM on October 1, 2009

Yes, nice thought. I might have to see what options are out there. Of course, always a problem getting people (especially loads of them) to do something new but if it's an elegant solution it might be worthwhile.

posted by BrokenEnglish at 9:36 AM on October 1, 2009

You could cobble this together using postfix... but i'ts going to be hairy.

You could address the "When working on a project" by setting up mailing lists for given projects - or even a listserver - that keeps things public.

I'd definitely look to web-based options though - the situation you've described is not something that's generally provided for any email server I've heard of, commercial or otherwise.

You're wedging email into something that e-mail wasn't really designed for.
posted by TravellingDen at 10:00 AM on October 1, 2009

Here's a way you could do this with just Google Apps Education Edition including the basic Postini functionality that's available with Google Apps EE.

First, you'd create a Postini user template that blacklists everyone. Then, when you create your users in Apps, each user will have settings created in Postini using that template. Finally, for each template, add the whitelist addresses you want to use. In fact, thinking a bit about this, you could create group templates instead and use those, since presumably you'd have some users with unrestricted email or different restrictions.

For mailing lists, you can just create those in Google Apps.

I don't see why you'd need postfix in this model, but you could continue using it if you really wanted.

If you have any questions, please feel free to memail me - I do a lot of work with Google Apps.
posted by me & my monkey at 11:00 AM on October 1, 2009

@TravellingDen: I agree that it's something of an abuse of email but there's an intended educational benefit as well. Personally I'd prefer to be more trusting of our users but some of these kids are very young...

me & my monkey, I didn't realise you could do any of that, I'll have to dig a bit deeper. I've been looking at the Postfix documentation about implementing a policy server, which I can do with Perl and looks easier than I had thought. I'm kind of surprised nobody has done something like this already. Thanks for the offer of more info about Postini, though: might be in touch soon :)
posted by BrokenEnglish at 12:39 PM on October 1, 2009

« Older Off to Germany for two weeks...   |   ISO: Cake Pan in shape of Comedy/Drama Masks Newer »
This thread is closed to new comments.