Demi M. Obenour:
> On 10/6/20 12:46 PM, Wietse Venema wrote:
> > Demi M. Obenour:
> >> On 10/6/20 9:47 AM, Wietse Venema wrote:
> >>> allow 'not found' users, similar to smtpd_sender_login_maps
> >>
> >> Would it be possible to make this configurable? The documentation
> >> seems to imply that reject_sender_login_mismatch considers ?not
> >> found? to be an error, while reject_known_sender_login_mismatch
> >> does not. On systems I administer, I would prefer for an unknown
> >> user to not be allowed to submit mail, but I understand if this cannot
> >> be the default. The patch I submitted blocks ?not found? users,
> >> but the default local_sender_login_maps (static:*) matches every user,
> >> so the default behavior is the same as now.
> >
> > For me, 'not found' also includes the case that the user is not found
> > in the passwd file.
>
> By "allow 'not found' users", do you mean that such users will
> automatically be granted access, or that they will still be looked up
> (perhaps by numeric UID) in local_sender_login_maps?
Postfix sendmail looks up the username only if no sender was specified
with -f, and terminates if the username cannot be found. That behavior
should not change by default.
If the feature is turned on then there should probably be a
default action for users not listed in the table (deny or allow).
Its not going to be pretty when only the numerical UID is avaialble
(a 1:1 mapping username->sender would not make sense).
Wietse
