On Mon, Jan 12, 2009 at 09:35:14PM -0800, Jeff Weinberger wrote: > When a sender is not authenticated, and > reject_unauthenticated_sender_login_mismatch is specified, postfix takes > the MAIL FROM address, looks it up in smtpd_sender_login_maps and if > it's found, the message is rejected? > > Essentially the lookup is just for the existence of the MAIL FROM > address in the smtpd_sender_login_maps table?
Yes, that's what I said. > Am I then correct in concluding that with: > > smtpd_sender_restrictions = > permit_sasl_authenticated, > reject_authenticated_sender_login_mismatch, > reject Observe that the order of the first two elements is not entirely correct. > that the permit_sasl_autheticated obviates the need for > reject_unauthenticated_sender_login_mismatch? > (as there would never be an unauthenticated sender permitted...) Yes. this saves you a table lookup before unauthenticated senders are rejected outright via "reject". > And am I also correct in concluding that if unauthenticated senders were > allowed (as they would have to be for smtpd to accept messages from the > internet), that reject_unauthenticated_sender_login_mismatch would > prevent any non-authenticated sender from sending a message from (with MAIL > FROM) any address listed in my smtpd_sender_login_maps? Yes, that's I said. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.