* Julian Cowley <jul...@lava.net>:
> On Thu, 2 Sep 2010, Patrick Ben Koetter wrote:
> > * Julian Cowley <jul...@lava.net>:
> > > Hello,
> > > 
> > > I would like to block a particular user who is authenticated using
> > > SASL from sending mail.  Is there a way to do this?
> > 
> > Where do you keep this user's credentials? Disable the auth account.
> 
> Yes thanks, that works.  Unfortunately, on our system this also
> disables all other services for that user such as email reading and
> server logins.  To fix this, I'd need to modify the authentication
> server outside of Postfix (namely Dovecot) to reject the user somehow.

Add an additional condition if you use SQL or LDAP, something along the lines
of "... AND active='TRUE'" to your query.


> I was hoping that there was a way solely in Postfix that would allow
> me to reject mail for a SASL login at the MAIL FROM/RCPT TO stage
> rather than the authentication stage.

Clients AUTH first and then they start a regular SMTP session. At least the
ones I know...

Why not disable AUTH in the person's client?

p...@rick


> At this point, I'll just reject the user's main email address using
> check_sender_access and REJECT, which is equivalent to all the crud
> I wrote up below and would allow me to customize the message.
> 
> > > I found one way to do it, but it is not perfect.  I can block
> > > the email address of that user (the one they normally use) using
> > > smtpd_sender_login_maps.  This doesn't prevent them from using another
> > > email address, however.
> > > 
> > > smtpd_recipient_restrictions =
> > >     ...
> > >     reject_sender_login_mismatch
> > >     ...
> > > 
> > > smtpd_sender_login_maps = regexp:/path/sender_login_map
> > > 
> > > sender_login_map:
> > > 
> > > /^u...@example\.com$/     unmatchable_string_SLDKFJNSDFLKJSDNFSKSDLFJN
> > > 
> > > The unmatchable string is because I want the entry to exist for that
> > > email address, but I don't want to list any string that could be
> > > matched as a SASL username.
> > > 
> > > Is this the right approach or have I missed something entirely?

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
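
The `AND active='TRUE'` condition suggested in the message, extended with a second flag that is checked only for SMTP AUTH lookups, so that sending is blocked while mail reading still works. This is an added example, not part of the original message and not Postfix or Dovecot code; the `users` schema, the `smtp_active` column and the service names are assumptions, and it presumes the auth backend can pass the service name into its query.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
SCHEMA = """
CREATE TABLE users (
    userid      TEXT PRIMARY KEY,
    password    TEXT NOT NULL,
    active      TEXT NOT NULL DEFAULT 'TRUE',  -- account-wide switch
    smtp_active TEXT NOT NULL DEFAULT 'TRUE'   -- hypothetical: SMTP AUTH only
);
INSERT INTO users VALUES ('alice', '{PLAIN}constructed-a', 'TRUE',  'TRUE');
INSERT INTO users VALUES ('bob',   '{PLAIN}constructed-b', 'TRUE',  'FALSE');
INSERT INTO users VALUES ('carol', '{PLAIN}constructed-c', 'FALSE', 'TRUE');
"""

# active='TRUE' applies to every service (the condition from the message).
# smtp_active is consulted only when the lookup comes from the SMTP AUTH
# path, so IMAP/POP3/login lookups for the same user still return a row.
PASSWORD_QUERY = """
SELECT userid, password FROM users
WHERE userid = :user
  AND active = 'TRUE'
  AND (:service <> 'smtp' OR smtp_active = 'TRUE')
"""


def open_db():
    """Create an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def can_authenticate(db, user, service):
    """True if the password lookup returns a row for this user and service."""
    row = db.execute(PASSWORD_QUERY, {"user": user, "service": service}).fetchone()
    return row is not None


def report(db, users=("alice", "bob", "carol"), services=("smtp", "imap")):
    """Map every (user, service) pair to the lookup result."""
    return {(u, s): can_authenticate(db, u, s) for u in users for s in services}


if __name__ == "__main__":
    for (user, service), ok in report(open_db()).items():
        print(f"{user:6} {service:5} {'allow' if ok else 'deny'}")
```

Because the lookup fails at the AUTH stage, the blocked login cannot submit mail under any sender address, which is the gap the sender-address approaches in the thread leave open.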
