Re: How to force SMTP AUTH to restrict Sender Addresses?

Tue, 15 Jun 2010 13:55:53 -0700 

Viktor,

You said:
      "You need correct mappings in smtpd_sender_login_maps, mapping each
        sender address to the correct SASL login."

Does that mean that Postfix will not pull the User Name and Email address from 
the Open Directory?

I had assumed that it was already pulling the User Name / Password for SASL
from Open Directory. Is there no way to also access the Email address in OD 
or use the User Name from the SASL authentication as the left portion of the 
email address?

For example, my user name is, "andrewgrant" and my email is, 
"andrewgr...@mydomain.com".

Is there no way to avoid creating another hash file with every User Name and 
Email address inside?

On Jun 15, 2010, at 12:40 PM, Victor Duchovni wrote:

On Tue, Jun 15, 2010 at 11:32:07AM -0700, Andrew G. Grant wrote:

> Thank you Viktor. That does in fact stop the email if there is a mismatch.
> However, now I cannot send anything as it tells me that I don't own the 
> email address I am trying to send to.
> 
> Can you tell me what it is checking to verify that the User Name 
> belongs to the Email address the user is sending from?
> 
> My sender restrictions look like this:
> smtpd_sender_restrictions =
> #  reject_sender_login_mismatch,
>  reject_authenticated_sender_login_mismatch,
> #  reject_unauthenticated_sender_login_mismatch,
>  permit_sasl_authenticated,
>  reject_non_fqdn_sender,
>  reject_unknown_sender_domain,
>  permit
> 
> I am currently getting this error in my SMTP logs:
> 
> Jun 15 11:24:32 miniserve-rmd-1 postfix/smtpd[58338]: connect from 
> andrew-grant.mydomain.com[10.1.2.166]
> Jun 15 11:24:32 miniserve-rmd-1 postfix/smtpd[58338]: NOQUEUE: reject: RCPT 
> from andrew-grant.mydomain.com[10.1.2.166]: 553 5.7.1 
> <andrewgr...@mail.mydomain.com>: Sender address rejected: not owned by user 
> andrewgrant; from=<andrewgr...@mail.mydomain.com> 
> to=<andrewgr...@mail.mydomain.com> proto=ESMTP 
> helo=<andrew-grant.mydomain.com>
> Jun 15 11:24:32 miniserve-rmd-1 postfix/smtpd[58338]: disconnect from 
> andrew-grant.mydomain.com[10.1.2.166]
> 
> Any thoughts as to what I should look at to verify that my User Name really 
> does belong to my Email address?

You need correct mappings in smtpd_sender_login_maps, mapping each
sender address to the correct SASL login.

-- 
        Viktor.

Reply via email to