jeff_homeip wrote:
> --- In [email protected], Victor Duchovni <victor.ducho...@...> wrote:
>[snip]
>>> Am I then correct in concluding that with:
>>>
>>> smtpd_sender_restrictions =
>>>     permit_sasl_authenticated,
>>>     reject_authenticated_sender_login_mismatch,
>>>     reject
>> Observe that the order of the first two elements is not entirely
>> correct.
>>

I hope you didn't miss this. In your restrictions, reject_authenticated_* is
useless, because authenticated transactions have been permitted by
permit_sasl_authenticated. Or did you mean reject_UNauthenticated_*?

>
> thank you for confirming, and allowing my still-growing knowledge of postfix
> to confirm
> your answers. this will help quite a lot!
>

To sum up:
- if [email protected] can only be used by user 'foo', then use
  reject_sender_login_mismatch.
- if [email protected] must be authenticated (but you don't care who the user
  is), then use reject_unauthenticated_*
- if [email protected] can be used (without auth) OR (if auth'ed, the user must
  be 'foo'), then use reject_authenticated_*.

<advanced> (skip if not confident...)

You can implement this on a per-sender basis using a check_sender_access with a
map that returns one of the above depending on the sender. For example:

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/access_sender_login

== access_sender_login:
[email protected]    reject_sender_login_mismatch
[email protected]    reject_authenticated_sender_login_mismatch
[email protected]    reject_unauthenticated_sender_login_mismatch
[email protected]    DUNNO
example.com    reject_sender_login_mismatch

</advanced>
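
The ordering point made in this reply, as an added example that is not part of the original thread and is not Postfix code: a simplified Python model of first-match restriction evaluation and of the three sender/login restrictions. The names `LOGIN_MAPS`, `apply`, `evaluate`, the `foo@example.com` address and the "reordered" list are assumptions made for illustration; null senders and other Postfix details are not modelled.

```python
# Simplified model (added example) of how Postfix evaluates a restriction list:
# restrictions run in order and the first PERMIT or REJECT ends evaluation.
# LOGIN_MAPS stands in for smtpd_sender_login_maps; all addresses are constructed.

LOGIN_MAPS = {"foo@example.com": {"foo"}}   # MAIL FROM address -> owning SASL logins


def sender_login_mismatch(sender, sasl_user):
    """Core test behind the three reject_*sender_login_mismatch restrictions."""
    owners = LOGIN_MAPS.get(sender)
    if sasl_user is None:
        return owners is not None            # address has an owner, client not logged in
    return owners is None or sasl_user not in owners   # logged in, but not as an owner


def apply(restriction, sender, sasl_user):
    """Return 'PERMIT', 'REJECT', or 'DUNNO' (fall through to the next restriction)."""
    authed = sasl_user is not None
    if restriction == "permit_sasl_authenticated":
        return "PERMIT" if authed else "DUNNO"
    if restriction == "reject":
        return "REJECT"
    applies = {
        "reject_sender_login_mismatch": True,
        "reject_authenticated_sender_login_mismatch": authed,
        "reject_unauthenticated_sender_login_mismatch": not authed,
    }[restriction]
    return "REJECT" if applies and sender_login_mismatch(sender, sasl_user) else "DUNNO"


def evaluate(restrictions, sender, sasl_user):
    """First non-DUNNO result wins; returns (action, deciding restriction)."""
    for r in restrictions:
        action = apply(r, sender, sasl_user)
        if action != "DUNNO":
            return action, r
    return "DUNNO", None


AS_POSTED = ["permit_sasl_authenticated",
             "reject_authenticated_sender_login_mismatch", "reject"]
REORDERED = ["reject_authenticated_sender_login_mismatch",
             "permit_sasl_authenticated", "reject"]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        # constructed case: user 'bar' is logged in but sends as foo's address
        print(name, evaluate(rules, "foo@example.com", "bar"))
```

With the list as posted, the login 'bar' sending as foo's address is permitted by the first element and the mismatch check is never reached; with the first two elements swapped, the same transaction is rejected.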
