On 2/7/2011 4:57 PM, Nikolaos Milas wrote:
> I have parenthetically asked in another - solved - thread if
> postfix offers the ability to control access to specific mail
> addresses using as a key the authenticated usernames (and got
> no reply).
>
> So, I am posting this as a new thread, hoping that someone has
> faced this scenario.
>
> The idea is: a user is trying to connect to our SMTP (postfix)
> to send email to onemailaddr...@example.com (which we want to
> control access to). He is authenticated by postfix as userx
> using SASL over our LDAP server (we are using virtual accounts
> only). Can we set up some "smtp_restriction_classes" based on
> authenticated usernames (for example a check_client_access
> lookup table with entries of the form: "userx OK", where userx
> is a successfully authenticated SMTP username and not the
> sender's mail address username)?
>
> Is there a direct or indirect way to accomplish this? Is there a
> way to "retrieve" the SMTP authentication username and process
> it?
>
> I haven't been able to locate a similar subject in the
> documentation (except of course permit_sasl_authenticated
> which applies to all SASL authenticated users at the same time).
>
> Thanks very much,
> Nick

Postfix has no such feature. Maybe it would be sufficient to
limit the sender address to authenticated users with
reject_sender_login_mismatch. Then one could use
smtpd_restriction_classes that first checks for the protected
recipient, then checks for authenticated users.

http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
http://www.postfix.org/RESTRICTION_CLASS_README.html

Alternately, the sasl username is available to an external
policy service.

http://www.postfix.org/SMTPD_POLICY_README.html

Maybe an existing policy service can be configured for this.

http://www.postfix.org/addon.html#policy

-- Noel Jones
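
The policy-service option mentioned in the reply above, sketched as an added example that is not part of the original thread or of Postfix itself: the decision logic reads the `sasl_username` and `recipient` attributes from a policy delegation request and rejects unauthorized logins for a protected address. The address `protected@example.com`, the login names and the `PROTECTED` table are constructed placeholders, and the script assumes it is run through spawn(8) and called from `check_policy_service` in `smtpd_recipient_restrictions`.

```python
import sys

# Assumed sample policy: protected recipient -> SASL logins allowed to mail it.
PROTECTED = {
    "protected@example.com": {"userx", "usery"},
}

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return an access(5) action for one parsed request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    allowed = PROTECTED.get(attrs.get("recipient", "").lower())
    if allowed is None:
        return "DUNNO"  # not a protected address: later restrictions decide
    # sasl_username is empty or absent when the client did not authenticate.
    if attrs.get("sasl_username", "") in allowed:
        return "DUNNO"  # authorized login: fall through to the remaining checks
    return "REJECT not authorized to send to this recipient"

def main():
    """Serve requests on stdin/stdout, one reply per request."""
    buf = []
    for line in sys.stdin:
        line = line.rstrip("\n")
        if line:
            buf.append(line)
            continue
        sys.stdout.write("action=%s\n\n" % decide(parse_request("\n".join(buf))))
        sys.stdout.flush()
        buf = []

if __name__ == "__main__":
    main()
```

Returning `DUNNO` instead of `OK` for an authorized login keeps the rest of the restriction list (relay and recipient checks) in effect.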