On 01/02/2011 20:25, mouss wrote:
> On 31/01/2011 07:46, Daniel Bromberg wrote:
>> Hm, there must be a disconnect.
>>
>> I did read it, it sounded logical, I implemented it, and then my tests
>> worked.
>>
>> I have:
>>
>> smtpd_sender_login_maps = mysql:/etc/postfix/mysql_sender_login_maps.cf
>>
>> smtpd_recipient_restrictions =
>>     reject_sender_login_mismatch,
>>     permit_mynetworks,
>>     permit_sasl_authenticated,
>>     ...
>>
>> When I send using the wrong source name invalidorigin, I get this:
>>
>> NOQUEUE: reject: RCPT from xxx <[email protected]>: Sender
>> address rejected: not owned by user [email protected]
>>
>> But otherwise mail from the outside continues to come in to local
>> (virtual) users fine, and using an authorized source name works.
>>
>> If I understand correctly, what it does during an unauthenticated
>> session is that if there is a recognized virtual user in the MAIL FROM:
>> field, it requires that the user be (SASL) logged in. If the MAIL FROM:
>> is /not/ a recognized virtual user, the rule does nothing and passes the
>> filtering to the rest of the rules.
>
> yes.
>
>> This is naturally also what I want.
>
> That was not my understanding. in your OP, you said:
>>>> can only use the server to submit 'MAIL FROM:' their SASL
>>>> authenticated username".
>
> in the setup you did, users can send as ***@yahoo.com.
>
>
>> All good no?
>>
>> Your final warning: "it won't prevent internal users from using an
>> external sender address" -- define internal user? Those in my virtual
>> table, or local Unix users? If the latter, I have none. As for "external
>> sender address", are you referring to the envelope field, the Reply-to:
>> field, or the From: field? If either of the latter two, yes we agreed
>> earlier in the thread that that would have to be done with a cleanup
>> filter.
>>
>> Clarify?
>
> a virtual user authenticates as [email protected] (which is his SASL
> login) but sends as [email protected] (where external.example may be
> yahoo.com, hotmail.com, ... etc). I am talking about envelope sender here.
you can fix this in your submission/smtps:

submission_sender_restrictions =
    check_sender_access hash:/etc/postfix/submit_sender_domains
    reject

== submit_sender_domains
example.com     OK
.example.com    OK

This way, users of submission/smtp can only use an envelope sender of the form *@example.com or *@*.example.com, and those you can control with reject_sender_login_mismatch.

alternatively, you can simply return a dummy login for addresses not in your domain when using sender_login_maps. but this is ugly (and requires constructs like CASE WHEN/IF NULL in your sql query).
