Hello,

I have the following problem.
I configured Postfix 3.0.1 to require SASL authentication and to permit each login only its own set of envelope sender addresses (reject_authenticated_sender_login_mismatch).

I would like to understand why the null envelope sender address ("<>") is always permitted for all logins, even if it doesn't match any entry in the smtpd_sender_login_maps table. reject_authenticated_sender_login_mismatch works as expected for all other envelope sender addresses.


Could you help me understand why?

Thank you very much
Marco


2bounce_notice_recipient = [email protected]
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 5m
append_at_myorigin = no
append_dot_mydomain = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 3
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
default_recipient_limit = 10000
delay_warning_time = 3h
disable_vrfy_command = yes
enable_long_queue_ids = yes
error_notice_recipient = [email protected]
hopcount_limit = 50
html_directory = no
inet_interfaces = $myhostname
inet_protocols = all
mail_name = AAAA
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 10485760
meta_directory = /usr/share/postfix
mydestination =
mynetworks =
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains =
proxy_interfaces = DD.DD.DD.DD
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-3.0.1/README_FILES
relay_domains =
sample_directory = /usr/share/doc/postfix-3.0.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = no
smtp_helo_name = AAAA.example.com
smtp_helo_timeout = 30
smtp_mail_timeout = 30
smtp_quit_timeout = 30
smtpd_banner = $myhostname ESMTPSA $mail_name Welcome to Mail Submit
    Agent!
smtpd_client_connection_rate_limit = 40
smtpd_client_message_rate_limit = 600
smtpd_client_recipient_rate_limit = 3000
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_error_sleep_time = 20
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket
    unix:/run/rate-limit/rate-limit.sock
smtpd_recipient_limit = 10000
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_unknown_recipient_domain, permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-loginmap.cf
smtpd_sender_restrictions = reject_non_fqdn_sender,
    reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch,
smtpd_tls_CAfile = /etc/postfix/certs/CA.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/AAAA.pem
smtpd_tls_key_file = /etc/postfix/certs/AAAA.privkey.pem
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache
unknown_local_recipient_reject_code = 550


master.cf
submission inet  n       -       n       -       -       smtpd
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
