I'm confused about how the reject_sender_login_mismatch restriction works.

"reject_sender_login_mismatch Reject the request when $smtpd_sender_login_maps <http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps> specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps <http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps>."

I also tried "reject_authenticated_sender_login_mismatch".

Assume a submission client logs in with SASL as "user@domain" and sends mail with a MAIL FROM address of "user@domain". If either $smtpd_sender_login_maps is null, or it points to a file that is empty, then neither of the two conditions described for reject_sender_login_mismatch is true. (Note: the conditions do not state that the client login or the MAIL FROM address must be listed in $smtpd_sender_login_maps.) So, it seems to me that the mail should be allowed. But it is being blocked:

Jul 1 09:42:39 myhost postfix/submission/smtpd[10750]: NOQUEUE: reject: RCPT from unknown[192.168.7.180]: 553 5.7.1 <user@domain>: Sender address rejected: not owned by user user@domain; from=<user@domain> to=<someone@elsewhere> proto=ESMTP helo=<[192.168.7.180]>

If $smtpd_sender_login_maps does exist, and the file includes an entry of "user@domain user@domain", then the mail is allowed. But this means that every valid MAIL FROM address has to be listed (twice) in the file.

I can understand the value of this mapping if you want to allow a given SASL login to use multiple MAIL FROM addresses. But is there a way to require that the MAIL FROM address must match the SASL logged in address, whatever that address may be, without having to explicitly list each and every address?

Thanks,
Michael

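The behaviour in the log above, as an added example that is not part of the original post and is not Postfix's own code: a small Python model of the check, showing why an empty map rejects an authenticated sender and how a single-line identity pattern (the regexp/pcre table entry `/^(.*)$/ $1`) makes every address its own owner. The function names are hypothetical, and the model looks up the full address only.

```python
import re

def owners_from_table(table, sender):
    """Indexed-table style lookup; full address only (a simplification)."""
    return table.get(sender.lower())

def owners_from_identity_pattern(sender):
    """Models the one-line regexp table entry  /^(.*)$/ $1  (owner == address)."""
    m = re.match(r"^(.*)$", sender)
    return m.group(1) if m else None

def sender_login_check(sender, sasl_login, lookup):
    """Return (verdict, reason) for one MAIL FROM address."""
    owners = lookup(sender)
    if sasl_login is None:
        # Not logged in: rejected only when the address has a listed owner.
        if owners is not None:
            return ("REJECT", "not logged in")
        return ("DUNNO", "")
    # Logged in: the login must be among the owners listed for the address.
    # No entry means no owner to match, which yields the reject in the log.
    names = re.split(r"[,\s]+", owners.strip()) if owners else []
    if any(n.lower() == sasl_login.lower() for n in names):
        return ("DUNNO", "")
    return ("REJECT", "not owned by user " + sasl_login)

if __name__ == "__main__":
    # Constructed sample lookups and sessions, mirroring the post's cases.
    lookups = {
        "empty map": lambda s: owners_from_table({}, s),
        "explicit entry": lambda s: owners_from_table(
            {"user@domain": "user@domain"}, s),
        "identity pattern": owners_from_identity_pattern,
    }
    sessions = [
        ("user@domain", "user@domain"),   # login matches MAIL FROM
        ("other@domain", "user@domain"),  # login differs from MAIL FROM
        ("user@domain", None),            # client not logged in
    ]
    for label, lookup in lookups.items():
        for sender, login in sessions:
            verdict, reason = sender_login_check(sender, login, lookup)
            print(f"{label:17} from={sender:13} login={login}: "
                  f"{verdict} {reason}")
```

With the identity pattern, an unauthenticated client is also rejected for every sender, so the restriction belongs on a service that requires SASL login, such as the submission service in the log.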