On Wed, 1 Sep 2010 16:33:31 -1000 (HST), Julian Cowley <jul...@lava.net> wrote: > Hello, > > I would like to block a particular user who is authenticated using > SASL from sending mail. Is there a way to do this? > > I found one way to do it, but it is not perfect. I can block the > the email address of that user (the one they normally use) using > smtpd_sender_login_maps. This doesn't prevent them from using another > email address, however. > > smtpd_recipient_restrictions = Why would you use _recipient_ restrictions to block a _sender_?
> ... > reject_sender_login_mismatch > ... > > smtpd_sender_login_maps = regexp:/path/sender_login_map > > sender_login_map: > > /^u...@example\.com$/ unmatchable_string_SLDKFJNSDFLKJSDNFSKSDLFJN > > Is this the right approach or have I missed something entirely? It is a good idea to use smtpd_sender_restrictions = ..., reject_sender_login_mismatch, ... anyway, so why don't you try to introduce that, and then you can just not assign any sender address to this particular user, e.g. sender_login_maps = hash:/etc/postfix/sender_permissions sender_permissions: @domain1.com validuser1 @domain2.com validuser2 -> then "unwanteduser" will not be able to send from either domain, because it's login name does not appear in any list of allowed accounts. Stefan
