Viktor Dukhovni:
> On Mon, Sep 16, 2013 at 08:35:16AM -0400, Wietse Venema wrote:
>
> > If you want to reject authenticated sender/login mis-matches only
> > for sender addresses in $smtpd_sender_login_maps, then that would
> > have to be a completely different feature, with a clear name, and
> > with clearly defined semantics.
> >
> > reject_something_here_that_doesnt_confuse_the_hell_out_of_real_humans
> > Reject the request when the client is (SASL) logged in, but
> > the MAIL FROM address is owned by a different client login
> > name according to $smtpd_sender_login_maps.
>
> Perhaps:
>
> reject_restricted_sender_misuse
>
> Patch below, potentially subject to replacement of the above name with
> something more obvious.
Bah, you solved the easy part of the problem :-)
I would expect a feature name that contains the following:
reject
This feature will reject a request or do nothing.
authenticated
This feature applies to (SASL) authenticated clients.
sender_login_maps
This feature queries the smtpd_sender_login_maps table.
XXX
The MAIL FROM address has an owner, but the owner differs
from the authenticated client's login name.
What about "conflict"? It means we found an owner, but it was the
wrong one. The term "conflict" is more specific than "mismatch"
which also includes the case that we didn't find anything.
Wietse
