Given: A dedicated Postfix instance, configured to accept mails from
SASL authenticated users. It seems that unlike access(5) maps, the
lookup for smtpd_sender_login_maps for addresses which contain
$recipient_delimiter is not tried at all without the extension:

# postmulti -i postfix-sasl -x postconf recipient_delimiter smtpd_sender_login_maps
recipient_delimiter = +
smtpd_sender_login_maps = proxy:pgsql:${maps_dir}/sasl-maps.pgsql
# maps_dir=/etc/postfix-sasl/maps
# postmap -q sfoers...@incertum.net pgsql:${maps_dir}/sasl-maps.restricted
cite
# postmap -q sfoerster+t...@incertum.net pgsql:${maps_dir}/sasl-maps.restricted
# swaks -t sfoers...@incertum.net -f sfoerster+t...@incertum.net -tls -s saslhub.kvm \
> -p 587 -tls -au cite -ap secret 2>&1 | grep "not owned"
<~* 553 5.7.1 <sfoerster+t...@incertum.net>: Sender address rejected: not owned by user cite

(Note: "swaks" is an SMTP testing tool. The "-f" parameter to swaks
sets the address used in the "mail from:<...>" command).

Without the address extension, the user is able to relay just fine.

While the solution is obvious in my case (modify the SQL query), may I
request a new feature in Postfix that performs lookups in
smtpd_sender_login_maps in the same manner as lookups in an access(5)
table are done, with regards to address extensions?

Oh, BTW: Multi-instance support is a terrific feature.


Cheers
Stefan

P.S: I don't really want to get into an argument about why anyone
nowadays would need address extensions. If the general consensus on
this list is that address extensions are only needed for mailing
lists, I will quietly rest my case.
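
Added example, not part of the original message and not Postfix code: a Python model of the lookup behaviour requested above, where the ownership check tries the full sender address first and then the address without its extension, as access(5) does for full-address keys. The table contents, the alice@example.net addresses and the function names are constructed for illustration; only the 553 reply text is taken from the session above.

```python
RECIPIENT_DELIMITER = "+"

# Constructed stand-in for the sender -> SASL login table.
# Values are login names separated by comma and/or whitespace.
SENDER_LOGIN_MAP = {"alice@example.net": "cite"}


def candidate_keys(address, delimiter=RECIPIENT_DELIMITER):
    """Full-address lookup keys: with the extension first, then without it."""
    local, _, domain = address.rpartition("@")
    keys = [address]
    base, sep, ext = local.partition(delimiter)
    # In this model a leading or trailing delimiter is not an extension.
    if delimiter and sep and base and ext:
        keys.append(f"{base}@{domain}")
    return keys


def owners(sender, table, strip_extension):
    """Return the logins that own the sender address, or an empty list."""
    keys = candidate_keys(sender) if strip_extension else [sender]
    for key in keys:
        if key in table:
            # An exact user+ext@domain entry wins over user@domain.
            return table[key].replace(",", " ").split()
    return []


def check_sender(login, sender, table, strip_extension):
    """Decide whether an authenticated login may use this MAIL FROM address."""
    if login in owners(sender, table, strip_extension):
        return "OK"
    return (f"553 5.7.1 <{sender}>: Sender address rejected: "
            f"not owned by user {login}")


if __name__ == "__main__":
    for strip in (False, True):
        for sender in ("alice@example.net", "alice+tag@example.net"):
            print(strip, sender, "->",
                  check_sender("cite", sender, SENDER_LOGIN_MAP, strip))
```

With the fallback enabled, an extended address is still rejected for any login that does not own the base address, so the ownership restriction itself is unchanged.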
