----- Message from tobi <[email protected]> ---------
Date: Sat, 31 Jul 2021 06:49:48 +0000
From: tobi <[email protected]>
Subject: Re: reject_sender_login_mismatch
To: [email protected]
you could add a sender access map in your relay config which rejects
those domains. Place it before your sender login maps
Am 31. Juli 2021 06:06:17 UTC schrieb Simon Wilson <[email protected]>:
A quick query on smtpd_sender_login_maps format.
I have this working well on port 587 to ensure that specified
SASL-authenticated users only can send emails from their owned email
addresses.
So I have in a file 'controlled_envelope_senders' this, as an example:
@simonandkate.net simon
...and I have reject_sender_login_mismatch set in master.cf for port
587. Then in main.cf:
smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
Perfect...
I am disabling a couple of email addresses as a first step along the
way to deleting some accounts and domain names. I've disabled inbound
emails fine, and now need to prevent the users sending, while still
being able to access webmail for a few days.
The question:
Within the smtpd_sender_login_maps file, is an empty RH side valid so
*NO* SASL users can send from that (domain) address? Or does it need
to have *something* on the RHS?
Thanks
Simon
----- End message from tobi <[email protected]> -----
Yes, thank you - that would work... but it's adding another step and
another lookup file, which would be done *every* email send, and would
become an additional process to manage.
If I can do with the lookup which is happening already to validate
user login --> sending domain that would be my preference.
--
Simon Wilson
M: 0400 12 11 16
