On 31/01/2011 07:46, Daniel Bromberg wrote:
> Hm, there must be a disconnect.
>
> I did read it, it sounded logical, I implemented it, and then my tests
> worked.
>
> I have:
>
> smtpd_sender_login_maps = mysql:/etc/postfix/mysql_sender_login_maps.cf
>
> smtpd_recipient_restrictions =
>     reject_sender_login_mismatch,
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     ...
>
> When I send using the wrong source name invalidorigin, I get this:
>
> *NOQUEUE: reject: RCPT from xxx <[email protected]>: Sender
> address rejected: not owned by user [email protected]>*
>
> But otherwise mail from the outside continues to come in to local
> (virtual) users fine, and using an authorized source name works.
>
> If I understand correctly, what it does during an unauthenticated
> session is that if there is a recognized virtual user in the MAIL FROM:
> field, it requires that the user be (SASL) logged in. If the MAIL FROM:
> is /not/ a recognized virtual user, the rule does nothing and passes the
> filtering to the rest of the rules.

yes.

> This is naturally also what I want.

That was not my understanding. in your OP, you said:

>>> can only use the server to submit 'MAIL FROM:' their SASL
>>> authenticated username".

in the setup you did, users can send as ***@yahoo.com.

> All good no?
>
> Your final warning: "it won't prevent internal users from using an
> external sender address" -- define internal user? Those in my virtual
> table, or local Unix users? If the latter, I have none. As for "external
> sender address", are you referring to the envelope field, the Reply-to:
> field, or the From: field? If either of the latter two, yes we agreed
> earlier in the thread that that would have to be done with a cleanup
> filter.
>
> Clarify?

a virtual user authenticates as [email protected] (which is his SASL login) but sends as [email protected] (where external.example may be yahoo.com, hotmail.com, ... etc). I am talking about envelope sender here.
