On Tue, Jun 15, 2010 at 09:33:12AM -0700, Andrew G. Grant wrote:

> Hello,
>
> I have configured the default install of Postfix (version 2.5.5) on
> Apple OS X Server 10.6.3 (Darwin 10.3.0). Everything seems to run very
> well with the exception that once authenticated, a user can claim to be
> any valid email address on my network.

This is default behaviour.

> I now have a desire to restrict senders to their email addresses listed
> within Open Directory. I want to make sure that the email address listed
> in OD is the only sending address a user can use based upon their SASL
> credentials.
>
> I tried to reference LDAP using, "smtpd_sender_login_maps =
> ldap:/etc/postfix/ldap-aliases.cf" but I found that Apple did not include
> LDAP as a dictionary type. Here are the types that are supported in
> my build.
>
> postconf -m
> btree
> cidr
> environ
> hash
> pcre
> proxy
> regexp
> static
> unix

That's unfortunate.

> So far, I have tried these items with no success:
> smtp_sender_dependent_authentication = yes

Irrelevant. This is used when sending mail, not when receiving mail.
Turn this off.

>
> smtpd_sender_restrictions =
>     permit_sasl_authenticated,

Too late, at this point the SASL authenticated users are in
The restrictions on sender address go *above* this.

>     reject_non_fqdn_sender,
>     reject_sender_login_mismatch,
>     reject_authenticated_sender_login_mismatch,
>     reject_unauthenticated_sender_login_mismatch,
>     reject

    # Not an MX host, authenticated senders only:
    #
    smtpd_sender_restrictions =
        reject_authenticated_sender_login_mismatch,
        permit_sasl_authenticated,
        reject

-- 
    Viktor.
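
Added example, not part of the original message and not Postfix code: a simplified Python model of first-match evaluation of smtpd_sender_restrictions, showing why the ordering posted in the question lets an authenticated user send as another address while the ordering in the reply rejects it. The LOGIN_MAP contents, addresses and login names are constructed, and the posted list is reduced to the checks that matter here.

```python
# Simplified model of how an smtpd_sender_restrictions list is evaluated:
# checks run in order and the first one that returns a decision ends the list.
# This is an illustration, not Postfix source code.

# Constructed stand-in for smtpd_sender_login_maps:
# MAIL FROM address -> SASL login names that own it.
LOGIN_MAP = {
    "alice@example.com": {"alice"},
    "bob@example.com": {"bob"},
}

def permit_sasl_authenticated(sender, login):
    # Accepts any authenticated client, whatever sender address it claims.
    return "PERMIT" if login else None

def reject_authenticated_sender_login_mismatch(sender, login):
    # Applies to authenticated clients only: the login must own the address.
    if login and login not in LOGIN_MAP.get(sender.lower(), set()):
        return "REJECT"
    return None

def reject(sender, login):
    return "REJECT"

def evaluate(restrictions, sender, login):
    """Return (decision, name of the deciding check) for one MAIL FROM."""
    for check in restrictions:
        decision = check(sender, login)
        if decision:
            return decision, check.__name__
    return "DUNNO", None  # list exhausted without a decision

# Ordering as in the question (mismatch check placed after the permit).
AS_POSTED = [permit_sasl_authenticated,
             reject_authenticated_sender_login_mismatch, reject]
# Ordering as in the reply (mismatch check placed above the permit).
AS_ADVISED = [reject_authenticated_sender_login_mismatch,
              permit_sasl_authenticated, reject]

if __name__ == "__main__":
    cases = [("alice@example.com", "alice"),  # own address
             ("bob@example.com", "alice"),    # someone else's address
             ("alice@example.com", None)]     # not authenticated
    for name, rules in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        for sender, login in cases:
            print(name, sender, login, evaluate(rules, sender, login))
```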