On Thu, 2 Sep 2010, Stefan Seidel wrote: > On Wed, 1 Sep 2010 16:33:31 -1000 (HST), Julian Cowley <jul...@lava.net> > wrote: > > Hello, > > > > I would like to block a particular user who is authenticated using > > SASL from sending mail. Is there a way to do this? > > > > I found one way to do it, but it is not perfect. I can block the > > the email address of that user (the one they normally use) using > > smtpd_sender_login_maps. This doesn't prevent them from using another > > email address, however. > > > > smtpd_recipient_restrictions = > Why would you use _recipient_ restrictions to block a _sender_?
Habit, mostly. If smtpd_delay_reject is true, which is the default, then it doesn't really matter which list you put the restrictions in. It's pretty common to put all of the restrictions into smtpd_recipient_restrictions so that all of the restrictions are in one list where they are easier to find. > > ... > > reject_sender_login_mismatch > > ... > > > > smtpd_sender_login_maps = regexp:/path/sender_login_map > > > > sender_login_map: > > > > /^u...@example\.com$/ unmatchable_string_SLDKFJNSDFLKJSDNFSKSDLFJN > > > > Is this the right approach or have I missed something entirely? > > It is a good idea to use > smtpd_sender_restrictions = ..., reject_sender_login_mismatch, ... > anyway, so why don't you try to introduce that, and then you can just not > assign any sender address to this particular user, e.g. > > sender_login_maps = hash:/etc/postfix/sender_permissions > > sender_permissions: > @domain1.com validuser1 > @domain2.com validuser2 That certainly works, but not for my situation. All of my valid users are under one domain (mostly), so it wouldn't scale to list all of the users except one on the right-hand side. > -> then "unwanteduser" will not be able to send from either domain, > because it's login name does not appear in any list of allowed accounts. Seems like there ought to be an easier way, but I'm not sure Postfix has it yet. For now I'm using a workaround. > Stefan
