Hello,
>> And IF dovecot is the best angle of attack, I do not know.

> Neither do I. People who actually use Dovecot for submission might know.

See below. Apparently I was imprecise in the formulation of who does submission
listening/receiving. It's pf.

>> Maybe some kind of policy driven solution coming from
>> postfix/amavis/dovecot in combination driven by pf is?

> I'm not even sure whether Dovecot's submission facility ever talks to Postfix.
> It MIGHT in your case, but it also MIGHT be using some other MTA somewhere else.
> People who actually use Dovecot for submission might know the right questions
> to ask to figure out what you're doing.
> If you were using Postfix for submission, there would be a way to do what you
> want using SMTP restriction classes. If you only need to do it for one user,
> you may not even need that. For those approaches to work with Dovecot, your
> system would need to pass all submitted mail to your Postfix for relay. If you
> were to do that, why submit via Dovecot at all?

Submission is done via postfix. Auth is against dovecot mechanism with
...sasl_type=dovecot ...sasl_auth_enable=yes ...sasl_path=private/auth in
master.cf.
...
So now back to SMTP restriction classes perhaps. Thanks for this
pointer/keyword!
I found "something" on Server Fault and the pf readme, but I seem to be too
slow in understanding and piecing things together.
If I understood correctly, I need to have a "list" containing the "jailed"
user1@domain_AB. Let's call it restricted_senders as in the pf docs.
---8<---
#
user1@domain_AB local_only
---8<---
I have added it in my main.cf (I add smtpd_client_restrictions for
completeness, perhaps there is the issue in the combined setup?):
---8<---
...
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    check_client_access btree:$meta_directory/client_checks,
    check_sender_access btree:$meta_directory/sender_access,
    check_sender_mx_access cidr:$meta_directory/access_mx,
    check_sender_ns_access cidr:$meta_directory/access_ns,
    check_sender_access btree:$meta_directory/rhsbl_sender_domain_exceptions,
    check_sender_access btree:$meta_directory/reject_unverified_sender_exceptions,
    reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
    reject_rbl_client zen.spamcop.net,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_client hostkarma.junkemailfilter.com=127.0.0.2,
    reject_invalid_helo_hostname,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    Permit
#
smtpd_recipient_restrictions = permit_mynetworks,
    check_sender_access btree:$meta_directory/restricted_senders,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    check_policy_service inet:[127.0.0.1]:10023,
    check_recipient_access regexp:$meta_directory/recipient_checks.regexp,
    check_recipient_access btree:$meta_directory/recipient_checks,
    reject_non_fqdn_recipient
#
smtpd_restriction_classes = local_only
local_only = check_recipient_access btree:/etc/postfix/local_domains, reject
...
---8<---
But testing it, it doesn't work. Any helping hand here?
--
Florian Piekert, PMP flo...@floppy.org
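
An added example, not part of the original message and not Postfix code: a simplified Python model of how the first entries of the posted smtpd_recipient_restrictions are evaluated, where the first decisive result ends the list. The mynetworks ranges, client addresses and local_domains contents are constructed assumptions, and only permit_mynetworks, the two access lookups and reject are modelled.

```python
import ipaddress

# Constructed sample values (assumptions; the post does not show them).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
RESTRICTED_SENDERS = {"user1@domain_ab": "local_only"}  # entry from the post, case-folded
LOCAL_DOMAINS = {"domain_ab": "OK"}                     # hypothetical table contents
# smtpd_restriction_classes: class name -> the restriction list it expands to
CLASSES = {"local_only": [("check_recipient_access", LOCAL_DOMAINS), ("reject", None)]}
# The first three entries of smtpd_recipient_restrictions, in the posted order.
RECIPIENT_RESTRICTIONS = [
    ("permit_mynetworks", None),
    ("check_sender_access", RESTRICTED_SENDERS),
    ("reject_unauth_destination", None),  # not modelled, behaves as DUNNO here
]

def lookup(table, address):
    """Simplified access(5) lookup: full address first, then the domain part."""
    address = address.lower()
    return table.get(address) or table.get(address.rpartition("@")[2])

def evaluate(restrictions, client_ip, sender, rcpt):
    """Walk a restriction list; the first decisive result ends evaluation."""
    for name, table in restrictions:
        if name == "permit_mynetworks":
            if any(ipaddress.ip_address(client_ip) in net for net in MYNETWORKS):
                return "OK", name
        elif name == "reject":
            return "REJECT", name
        elif name in ("check_sender_access", "check_recipient_access"):
            action = lookup(table, sender if name == "check_sender_access" else rcpt)
            if action in CLASSES:  # right-hand side names a restriction class
                result, _ = evaluate(CLASSES[action], client_ip, sender, rcpt)
                if result != "DUNNO":
                    return result, f"{name} -> {action}"
            elif action in ("OK", "REJECT"):
                return action, name
        # no decisive result (DUNNO): continue with the next restriction
    return "DUNNO", "end of list"

def decide(client_ip, sender, rcpt):
    """Return (result, deciding restriction) for one RCPT TO in this model."""
    return evaluate(RECIPIENT_RESTRICTIONS, client_ip, sender, rcpt)
```

In this model a client inside mynetworks is permitted by permit_mynetworks before restricted_senders is consulted, so the class only takes effect for clients outside those ranges.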