On Mon, Jan 12, 2009 at 01:25:38PM -0800, Jeff Weinberger wrote:
> reject_sender_login_mismatch checks the from address against
> smtpd_sender_login_maps to be sure that the MAIL FROM address is owned by
> the SASL-authenticated sender.
>
> But with reject_unauthenticated_sender_login_mismatch, there is no
> SASL-authenticated sender.
This subsumes the functionality of both:
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch
if the session is authenticated the first test is applied, otherwise
the second test is applied.
> http://www.postfix.com/postconf.5.html says that
> reject_unauthenticated_sender_login_mismatch "Enforces the
> reject_sender_login_mismatch restriction for unauthenticated clients only"
> (and nothing more)
>
> All of that to get to my question:
>
> What does reject_unauthenticated_sender_login_mismatch check the MAIL FROM
> address against?
The smtpd_sender_login_maps table.
> Or does it just check the smtpd_sender_login_maps for a valid MAIL FROM
> address (regardless of ownership)?
s/valid//
If an address is found in the table, and the sender is not authenticated,
the message is rejected.
> (yes, I'm trying to figure out if using this in my
> smtpd_sender_restrictions would help and how it might do so)
If you are already using the combined restriction, there is no point
in adding either of the constituent building-block restrictions.
If you want to restrict your policy to either the authenticated, or the
unauthenticatd case, then replace the combined restriction with the
appropriate more specific restriction.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[email protected]?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
