On 2011-10-05 20:22, mephistophe...@operamail.com wrote:
My Postfix delivers to an IMAP store using LMTP.
I intend to have known users only defined in IMAP server's LMTP config.
That's a bad idea, unless you run an open relay; postfix should know
what valid recipients are, so it can reject everything that is not.
To check for valid users, and reject if not found, I use Postfix's
(http://www.postfix.org/SASL_README.html)
reject_sender_login_mismatch
That only works for submission via an SASL-enabled smtpd(8) listener.
It has unexpected side-effects for a normal smtpd(8).
So make sure you only allow SASL-based submission in this case - or put
permit_mynetworks in front of it.
It's impossible to tell because you did not provide postconf -n, which
is a requirement of this list to offer useful help.
For simple config, I add that to
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
    ...
    reject_sender_login_mismatch
This will globally reject messages for which the sender is in one of the
domains postfix is responsible for, but which does not match an entry in
an smtpd_sender_login_maps.
Note the globally.
When I add, e.g., postscreen, spampd as a before queue content filter,
and opendkim milter, should the 'reject_sender_login_mismatch' still be
left in main.cf, available globally by default?
reject_sender_login_mismatch should generally be set only on your
submission listener.
Or should it be removed, and then added solely to a specific entry in
master.cf?
What's considered best practice in this case, and why?
Setting options globally in main.cf affects every instance of a
particular daemon that looks at the value of the option.
--
J.
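
Added example, not part of the original thread and not Postfix code: a Python check that combines main.cf defaults with per-service `-o` overrides from master.cf and reports, for each smtpd(8) listener, which restriction lists end up containing reject_sender_login_mismatch. The config samples and all function names are constructed for illustration; a real setup also needs smtpd_sender_login_maps defined.

```python
# Constructed samples. MAIN_GLOBAL mirrors the question: the check is set in main.cf.
MAIN_GLOBAL = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    reject_unauth_destination
"""
# Same main.cf with the check removed, leaving it to the submission entry only.
MAIN_SCOPED = MAIN_GLOBAL.replace("    reject_sender_login_mismatch,\n", "")
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_main(text):
    """Return main.cf as {parameter: value}."""
    return {n.strip(): v.strip()
            for n, _, v in (l.partition("=") for l in logical_lines(text))}

def smtpd_listeners(master_text):
    """Yield (service, overrides) for every master.cf entry whose command is smtpd."""
    for line in logical_lines(master_text):
        f = line.split()
        if len(f) < 8 or f[7] != "smtpd":
            continue
        args = f[8:]
        yield f[0], dict(args[i + 1].split("=", 1)
                         for i, a in enumerate(args[:-1]) if a == "-o")

def listeners_with_check(main_text, master_text, check="reject_sender_login_mismatch"):
    """Map each smtpd service to the restriction lists where `check` is effective."""
    base = parse_main(main_text)
    return {svc: sorted(k for k, v in {**base, **ov}.items()
                        if k.endswith("_restrictions") and check in v.replace(",", " ").split())
            for svc, ov in smtpd_listeners(master_text)}

if __name__ == "__main__":
    print("global:", listeners_with_check(MAIN_GLOBAL, MASTER_CF))
    print("scoped:", listeners_with_check(MAIN_SCOPED, MASTER_CF))
```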