On Thu, 2 Sep 2010, Patrick Ben Koetter wrote:
> * Julian Cowley <jul...@lava.net>:
> > Hello,
> >
> > I would like to block a particular user who is authenticated using
> > SASL from sending mail. Is there a way to do this?
>
> Where do you keep this user's credentials? Disable the auth account.

Yes thanks, that works. Unfortunately, on our system this also disables
all other services for that user such as email reading and server logins.
To fix this, I'd need to modify the authentication server outside of
Postfix (namely Dovecot) to reject the user somehow.

I was hoping that there was a way solely in Postfix that would allow me to
reject mail for a SASL login at the MAIL FROM/RCPT TO stage rather than
the authentication stage.

At this point, I'll just reject the user's main email address using
check_sender_access and REJECT, which is equivalent to all the crud I
wrote up below and would allow me to customize the message.

> > I found one way to do it, but it is not perfect. I can block the
> > email address of that user (the one they normally use) using
> > smtpd_sender_login_maps. This doesn't prevent them from using another
> > email address, however.
> >
> > smtpd_recipient_restrictions =
> >     ...
> >     reject_sender_login_mismatch
> >     ...
> >
> > smtpd_sender_login_maps = regexp:/path/sender_login_map
> >
> > sender_login_map:
> >
> > /^u...@example\.com$/ unmatchable_string_SLDKFJNSDFLKJSDNFSKSDLFJN
> >
> > The unmatchable string is because I want the entry to exist for that
> > email address, but I don't want to list any string that could be
> > matched as a SASL username.
> >
> > Is this the right approach or have I missed something entirely?
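
An added example, not part of the original thread: the sender-address block the message settles on, shown beside a block keyed on the SASL login name using check_sasl_access, which is available in Postfix 2.11 and later. The file paths, the address and the login name are placeholders chosen for illustration.

```conf
# --- /etc/postfix/main.cf (fragment; table paths are assumptions) ---
# check_sender_access looks up the MAIL FROM address.
# check_sasl_access looks up the SASL login name (Postfix 2.11 and later).
# Both are listed before permit_sasl_authenticated; placed after it,
# an authenticated client is permitted before the lookups are reached.
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/blocked_senders
    check_sasl_access hash:/etc/postfix/blocked_logins
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

# --- /etc/postfix/blocked_senders (placeholder address) ---
# Key is the envelope sender, so this only covers the one address listed.
blocked.user@example.com    REJECT Sending from this address is disabled

# --- /etc/postfix/blocked_logins (placeholder login name) ---
# Key is the SASL login, so the block holds whatever MAIL FROM is given.
blockeduser                 REJECT Sending is disabled for this account

# After editing the tables, rebuild them:
#   postmap /etc/postfix/blocked_senders /etc/postfix/blocked_logins
```

Either table rejects at the RCPT TO stage with the custom text, and neither touches the account's ability to authenticate to other services.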