On Mon, Oct 03, 2016 at 11:35:54AM +0200, Niklaas Baudet von Gersdorff wrote:
> For example, if I want to send email from [email protected] from my > account [email protected], I'd need the following entry in > smtpd_sender_login_maps: > > [email protected] [email protected] The table lookup key is a sender address, and the RHS is a list of logins, so this example is backwards. > If I use reject_sender_login_mismatch without the above entry, > I am only allowed to send from [email protected] when using > [email protected] as login. Provided that a suitable entry permits that: [email protected] [email protected] See http://www.postfix.org/SASL_README.html#server_sasl_authz The relevant restrictions are: 1. http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch 2. http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch 3. http://www.postfix.org/postconf.5.html#reject_unauth_sender_login_mismatch 4. http://www.postfix.org/postconf.5.html#reject_known_sender_login_mismatch 1. This requires a matching sender for all logged-in users, and a matching login for all listed senders. This subsumes 2, 3 and 4. 2. This only applies the constraints in to authenticated users, unauthenticated users are not restricted. This is the authenticated user policy part of 1. 3. This prevents unauthenticated users from sending as listed senders. Authenticated users are restricted. This is the unauthenticated policy part of 1. 4. This restricts access only to listed sender addresses, in which case a matching login is required. Anyone can send from an unlisted sender address. This is the listed address policy part of 1. -- Viktor.
