Brilliant, reject_sender_login_mismatch is the perfect level of flexibility and is working now. I can add whatever authorizations I need to my virtual user table in the DB, in a separate column if need be. (right now I'm using the trivial match of <authorized names> = <the login name>)

Importantly, if it's not a SASL-based session no such authorization check is done, rather the usual "you're a stranger, for local delivery only" rules apply there. So, I don't need to have a separate ruleset, as this rule already has the proper granularity.

Conceivably, someone could hack a non-standard e-mail client to use the SASL name in the MAIL FROM, but tweak the 'From: ' line to anything they like (although the MAIL FROM would appear in the Return-Path / Sender fields), and this is harder to stop, correct? But we are in rare corner cases now, not ordinary users I would think.

Anyway, thanks for the quick follow-up, resolved.

Daniel



On 1/30/2011 5:58 PM, Noel Jones wrote:
On 1/30/2011 3:31 PM, Daniel Bromberg wrote:
Hi,

I've recently started using postfix several weeks ago to run
my e-mail services. Using spamassassin/spamd,
greylists/SQLgrey, several RBLs, multiple domains, virtual
users against MySQL tables in multiple domains, so somewhat
knowledgeable, but mostly not.

One of the companies I administrate has a policy that users
submitting outgoing mail via submission/SSL/465 can only use
the server to submit 'MAIL FROM:' their SASL authenticated
username, so they cannot do non-company business as a
different e-mail identity through the server.

This is turning out to be harder than I thought however.

A. IIUC, check_sender_access applies to all mail received,
whether intended for local delivery via smtp/unencrypted/25 or
intended for outbound relaying via submission/SSL/465.

No, you can override most main.cf settings, including all the smtpd_*_restrictions, with -o options on the submission/smtps entries in master.cf. See:
http://www.postfix.org/postconf.5.html

A simple check would be adding a regexp check_sender_access map that rejects any address that doesn't contain @example.com. A more sophisticated check would ensure that the SASL credentials match the MAIL FROM, using reject_sender_login_mismatch. Also note that postfix operates on the MAIL FROM envelope address, not the address given in the From: header.

Note that too many overrides can make postfix somewhat confusing due to the config being in several places. At some point it's easier and cleaner to run multiple instances. Running multiple postfix instances is substantially easier with postfix versions 2.6 and newer.
http://www.postfix.org/MULTI_INSTANCE_README.html


  -- Noel Jones
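
The per-service override discussed in this thread, written out as an added example that is not part of the original messages or of either poster's configuration. The map file path, database name, credentials, table `virtual_users` and columns `email` / `authorized_login` are assumptions; the Postfix parameter and restriction names are the real ones.

```conf
# --- /etc/postfix/master.cf (excerpt) ---------------------------------
# The -o overrides apply only to this service (SSL submission on 465);
# the port 25 smtpd entry keeps the main.cf restrictions.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sender_login_maps=mysql:/etc/postfix/mysql-sender-login.cf
  -o smtpd_sender_restrictions=reject_sender_login_mismatch

# --- /etc/postfix/mysql-sender-login.cf (assumed path) ----------------
# Postfix looks up the MAIL FROM envelope address (%s). The result is
# the SASL login name, or a comma/whitespace separated list of names,
# allowed to use that address. Keeping the owner in its own column
# (assumed here: authorized_login) lets one login own several
# addresses without changing the Postfix side.
hosts    = 127.0.0.1
user     = postfix_ro          # placeholder, read-only DB account
password = CHANGE_ME           # placeholder
dbname   = mail                # assumed database name
query    = SELECT authorized_login FROM virtual_users WHERE email = '%s'

# With the trivial mapping (login name = address) the query can simply
# return the address itself:
#   query = SELECT email FROM virtual_users WHERE email = '%s'
```

The lookup can be checked without sending mail using `postmap -q user@example.com mysql:/etc/postfix/mysql-sender-login.cf`, which should print the owning login name. This restriction only looks at the envelope sender; the `From:` header is not examined by it.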
