DevHeads.net

Re: Question about reject_unauthenticated_sender_login_mismatch

By mouss at 01/30/2009 - 11:45

jeff_homeip wrote:

I hope you didn't miss this.

in your restrictions, reject_authenticated_* is useless, because
authenticated transactions have been permitted by permit_sasl_authenticated.

or did you mean reject_UNauthenticated_*?

to sum up:

- if ... at example dot com can only be used by user 'foo', then use
reject_sender_login_mismatch.

- if ... at example dot com must be authenticated (but you don't care who the
user is), then use reject_unauthenticated_*

- if ... at example dot com can be used (without auth) OR (if auth'ed, the user
must be 'foo'), then use reject_authenticated_*.

<advanced> (skip if not confident...)
you can implement this on a per sender basis using a check_sender_access
with a map that returns one of the above depending on the sender.

for example:

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/access_sender_login

== access_sender_login:
... at example dot com reject_sender_login_mismatch
... at example dot com reject_authenticated_sender_login_mismatch
... at example dot com reject_unauthenticated_sender_login_mismatch
... at example dot com DUNNO
example.com reject_sender_login_mismatch
</advanced>

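The three cases summed up in the post, as an added example that is not part of the original message: a simplified Python model of how each restriction decides, following the behaviour described in the Postfix documentation. The address foo@example.com, the logins 'foo' and 'bar', and the dictionary standing in for smtpd_sender_login_maps are constructed for illustration; only exact-address lookups are modelled.

```python
# Added illustration: a simplified model of Postfix's three
# *_sender_login_mismatch restrictions. Not Postfix source code.

# Constructed stand-in for smtpd_sender_login_maps: sender -> owning logins.
LOGIN_MAPS = {"foo@example.com": {"foo"}}


def mismatch(sender, login, maps=LOGIN_MAPS):
    """Full reject_sender_login_mismatch test.

    login is the SASL login name, or None for an unauthenticated client.
    """
    owners = maps.get(sender.lower())
    if login is None:
        # Unauthenticated: a problem only if the address has an owner.
        return owners is not None
    # Authenticated: the login must own the address.
    return owners is None or login not in owners


def evaluate(restriction, sender, login, maps=LOGIN_MAPS):
    """Return 'REJECT' or 'DUNNO' (no decision, the next restriction runs)."""
    if restriction == "reject_sender_login_mismatch":
        applies = True
    elif restriction == "reject_authenticated_sender_login_mismatch":
        applies = login is not None
    elif restriction == "reject_unauthenticated_sender_login_mismatch":
        applies = login is None
    else:
        raise ValueError(f"unknown restriction: {restriction}")
    return "REJECT" if applies and mismatch(sender, login, maps) else "DUNNO"


def truth_table(sender="foo@example.com"):
    """Decisions for no login, the owner 'foo', and another user 'bar'."""
    names = ("reject_sender_login_mismatch",
             "reject_authenticated_sender_login_mismatch",
             "reject_unauthenticated_sender_login_mismatch")
    return {(n, who): evaluate(n, sender, who)
            for n in names for who in (None, "foo", "bar")}


if __name__ == "__main__":
    for (name, who), verdict in truth_table().items():
        print(f"{name:45} login={who!s:5} -> {verdict}")
```

A DUNNO result only means this restriction made no decision; whether the message is accepted still depends on the restrictions listed after it.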