On Tue, Jun 15, 2010 at 09:33:12AM -0700, Andrew G. Grant wrote:

> Hello,
> 
> I have configured the default install of Postfix (version 2.5.5) on
> Apple OS X Server 10.6.3 (Darwin 10.3.0). Everything seems to run very
> well with the exception that once authenticated, a user can claim to be
> any valid email address on my network.

This is default behaviour.

> I now have a desire to restrict senders to their email addresses listed
> within Open Directory. I want to make sure that the email address listed
> in OD is the only sending address a user can use based upon their SASL
> credentials.
> 
> I tried to reference LDAP using, "smtpd_sender_login_maps =
> ldap:/etc/postfix/ldap-aliases.cf" but I found that Apple did not include
> LDAP as a dictionary type. Here are the types that are supported in
> my build.
> 
> postconf -m
> btree
> cidr
> environ
> hash
> pcre
> proxy
> regexp
> static
> unix

That's unfortunate.

> So far, I have tried these items with no success:
> smtp_sender_dependent_authentication = yes

Irrelevant. This is used when sending mail, not when receiving
mail. Turn this off.

> 
> smtpd_sender_restrictions =
>     permit_sasl_authenticated,

Too late, at this point the SASL authenticated users are in.
The restrictions on sender address go *above* this.

>     reject_non_fqdn_sender,
>     reject_sender_login_mismatch,
>     reject_authenticated_sender_login_mismatch,
>     reject_unauthenticated_sender_login_mismatch,
>     reject

    # Not an MX host, authenticated senders only:
    #
    smtpd_sender_restrictions =
        reject_authenticated_sender_login_mismatch,
        permit_sasl_authenticated,
        reject

-- 
        Viktor.
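
The ordering point made in the reply above, as an added example that is not part of the original message and is not Postfix code: a simplified Python model of first-match evaluation of `smtpd_sender_restrictions`. The map contents, addresses, login names and the `evaluate` helper are constructed for illustration, and only the three restrictions from the corrected list are modelled.

```python
# Simplified model of first-match restriction evaluation; not Postfix source.

# Constructed sample data standing in for $smtpd_sender_login_maps
# (sender address -> SASL logins allowed to use that address).
SENDER_LOGIN_MAP = {
    "alice@example.com": {"alice"},
    "bob@example.com": {"bob"},
}

# The poster's ordering, abbreviated to the rules modelled here.
PERMIT_FIRST = [
    "permit_sasl_authenticated",
    "reject_authenticated_sender_login_mismatch",
    "reject",
]

# The ordering given in the reply.
CHECK_FIRST = [
    "reject_authenticated_sender_login_mismatch",
    "permit_sasl_authenticated",
    "reject",
]


def evaluate(restrictions, sender, sasl_login):
    """Return the first decisive result for a MAIL FROM address."""
    for rule in restrictions:
        if rule == "permit_sasl_authenticated":
            if sasl_login is not None:
                return "permit"  # later rules are never consulted
        elif rule == "reject_authenticated_sender_login_mismatch":
            # Authenticated clients only: reject unless the login owns
            # the sender address according to the map.
            owners = SENDER_LOGIN_MAP.get(sender.lower(), set())
            if sasl_login is not None and sasl_login not in owners:
                return "reject"
        elif rule == "reject":
            return "reject"
        else:
            raise ValueError(f"rule not modelled: {rule}")
    return "dunno"  # no rule in this list made a decision


if __name__ == "__main__":
    for name, rules in (("permit first", PERMIT_FIRST), ("check first", CHECK_FIRST)):
        # alice is logged in but claims bob's address
        print(name, "->", evaluate(rules, "bob@example.com", "alice"))
```
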
