in the setup you did, users can send as ***@yahoo.com.
All good no?
Your final warning: "it won't prevent internal users from using an
external sender address" -- define internal user? Those in my virtual
table, or local Unix users? If the latter, I have none. As for "external
sender address", are you referring to the envelope field, the Reply-to:
field, or the From: field? If either of the latter two, yes we agreed
earlier in the threat that that would have to be done with a cleanup
filter.
Clarify?
a virtual user authenticates as [email protected] (which is his SASL
login) but sends as [email protected] (where external.example may be
yahoo.com, hotmail.com, ... etc). I am talking about envelope sender here.
Still a disconnect compared to what I am seeing. When I re-configure my
MUA to use '[email protected]' as the Sender to send to
[email protected], and SASL authenticate as [email protected] to
the submission port, Postfix replies:
"An error occurred while sending mail. The mail server responded: 5.7.1
<[email protected]>: Sender address rejected: not owned by user
[email protected]. Please check the message recipient
[email protected] and try again."
This is without the additional check_sender_access you describe as needed.
As quick re-cap, I have:
submission_client_restrictions =
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject
AND:
smtp.example.com:smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=$submission_client_restrictions
-o syslog_name=postfix-submission
Is there some other part of the config I haven't discussed and need to, that is
making this work already for me?
-Daniel
