Viktor Dukhovni:
> So I think putting "sender" first and indicating that *only*
> listed senders are in scope makes sense:
>
> reject_restricted_sender_wrong_login
>
> this should likely automatically imply reject_unauth_sender_login_mismatch
> (to protect said restricted sender addresses from misuse when the
> client does not authenticate). (Thus a small change in the proposed code).
I think the following introduces the least amount of confusion.
reject_sender_login_mismatch
[this definition does not change]
reject_authenticated_sender_login_mismatch
Apply the reject_sender_login_mismatch restriction
only to clients that are SASL-authenticated.
reject_unauthenticated_sender_login_mismatch
Apply the reject_sender_login_mismatch restriction
only to clients that are not SASL-authenticated.
reject_known_sender_login_mismatch
Apply the reject_sender_login_mismatch restriction only to
MAIL FROM addresses that are known in $smtpd_sender_login_maps.
Wietse
