Re: Question about reject_unauthenticated_sender_login_mismatch

Wed, 14 Jan 2009 15:33:53 -0800 

On Wed, Jan 14, 2009 at 11:15:54PM -0000, jeff_homeip wrote:

> I think I've misunderstood this again. here's the behavior I observed:
> 
> I added  -o 
> smtpd_sender_restrictions=reject_unauthenticated_sender_login_mismatch to
> my master.cf smtp service entry (receiving mail on port 25).
> 
> It then rejected all mail. Each message was rejected because the sender was 
> not
> authenticated.

You should not really expect us to help you with this with no log entries,
associated postconf -n, and actual master.cf entries.


> The behavior I was seeking was that it would reject messages where
> the MAIL FROM is one of the addresses that validly authenticates.

The reject_unauthenticated_sender_login_mismatch feature only rejects
addresses listed in the smtpd_sender_logim_maps table:

    /*
     * Reject if the client is not logged in and the sender address has an
     * owner.
     */
    if (smtpd_sasl_is_active(state) && state->sasl_username == 0) {
        reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, 
sender);
        if (reply->flags & RESOLVE_FLAG_FAIL)
            reject_dict_retry(state, sender);
        if (check_mail_addr_find(state, sender, smtpd_sender_login_maps,
                                 STR(reply->recipient), (char **) 0) != 0)
            return (smtpd_check_reject(state, MAIL_ERROR_POLICY, 553, "5.7.1",
                   "<%s>: Sender address rejected: not logged in", sender));
    }

So either your report is incomplete/inaccurate, or you have managed to
list all the senders you tested in smtpd_sender_login_maps (difficult
with indexed files, easier with regexp tables and SQL lookups).

> Given that reject_unauthenticated_sender_login_mismatch does not
> produce this behavior, [ ... ]

With false premises you can reach any conclusion.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[email protected]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Reply via email to