On Sat, Mar 07, 2015 at 05:59:23PM +0800, P.V.Anthony wrote:
> How to create an exception to reject_authenticated_sender_login_mismatch in
> main.cf.
Postfix 2.11 or later:
http://www.postfix.org/postconf.5.html#check_sasl_access
Presumably some SASL users need to be able to send from *any* email
address, or at least too many to enumerate.
> smtpd_sender_restrictions = reject_unknown_sender_domain,
> check_sender_access hash:/etc/postfix/allowed_user,
> reject_authenticated_sender_login_mismatch,
> check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
> ------------------ end -------------------------
>
> In the file /etc/postfix/allowed_user it is as follows.
>
> [email protected] OK
>
> Is there some other check_XXXX_access that checks the authenticated user?
With earlier releases, if this user can send from any email address,
EXCEPT email addresses reserved for other SASL users, then just:
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
indexed = ${default_database_type}:${config_directory}/
smtpd_sender_login_maps =
${indexed}sender_login, static:[email protected]
Otherwise, Postfix >= 2.10, go with "socketmap" (superior to "tcp"
table alternative below):
http://www.postfix.org/socketmap_table.5.html
and for every sender address return:
<logins explicitly authorized for given address>,<list of logins not
locked to any particular address>
For Postfix <= 2.9, use "tcp" tables.
http://www.postfix.org/tcp_table.5.html
--
Viktor.
