On 6/6/2014 7:01 PM, Mark Scholten wrote: > Hello, > > We have Postfix running for some years now. And for what we did with it it > is great. However I'm looking for an extra option as we didn't use it for > this (for this part we currently use Exim, I want to change it to Postfix). > > Situation: > - Postfix 2.9.6 installed using apt-get on Debian 7 (if needed I will/can > upgrade to the latest available version on postfix.org) > - Dovecot 2.1.7 installed using apt-get on Debian 7 > - SASL authentication is working > - Header containing user name is added > - MySQL backend (with users/domains in a database) > - Rate limiting based on domain name works (soon I will be adding that this > is also done based on the SASL user name) > > New features I want to add against some possible problems: > - Only allow users to mail when logged in with the same domain (optional > limit the mail from to just a few mail addresses) > > Target situation: > - Logged in u...@example.org uses mail from u...@example.org - allowed > - Logged in u...@example.org uses mail from i...@example.org - allowed > - Logged in u...@example.org uses mail from u...@example.net - not allowed > > Would be nice: > - Logged in u...@example.org uses mail from u...@example.org - allowed > - Logged in u...@example.org uses mail from i...@example.org - allowed > - Logged in u...@example.org uses mail from u...@example.net - not allowed > - Logged in u...@example.org uses mail from us...@example.org- not allowed > (this would require a list with allowed mail from addresses per SASL user) > > If it is possible to do this using a milter that is checked while the mail > is send (but before it is accepted) that is also an option. I didn't see an > option for it yet (but it is likely I missed it if it is possible). > > I only want to do this for SASL authenticated users, incoming mail (without > SASL) shouldn't have problems with it. > > Thanks for reading and thank you for your reply. > > Regards, Mark > >
First, look at smtpd_sender_login_maps and friends and see if it meets all your needs: http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch http://www.postfix.org/postconf.5.html#reject_known_sender_login_mismatch http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch If you need more control, you can use a policy service: http://www.postfix.org/SMTPD_POLICY_README.html with one of the third-party policy services (postfwd is often recommended as flexible and reliable) or write your own. http://www.postfix.org/addon.html#policy -- Noel Jones
