Hi,
I've recently started using Postfix several weeks ago to run my e-mail
services. Using spamassassin/spamd, greylists/SQLgrey, several RBLs,
multiple domains, virtual users against MySQL tables in multiple
domains, so somewhat knowledgeable, but mostly not.
One of the companies I administrate has a policy that users submitting
outgoing mail via submission/SSL/465 can only use the server to submit
'MAIL FROM:' their SASL authenticated username, so they cannot do
non-company business as a different e-mail identity through the server.
This is turning out to be harder than I thought however.
A. IIUC, check_sender_access applies to all mail received, whether
intended for local delivery via smtp/unencrypted/25 or intended for
outbound relaying via submission/SSL/465.
B. Writing a content filter to be appended to the submission line in
master.cf (say a Perl script) that scans the e-mail for the 'From:'
line, then does a MySQL query against my virtual table, (then exits with
some kind of code indicating the mail should be rejected??), seems an
awful lot of work relative to the simple goal. Also how would the Perl
script know the SASL authenticated ID? Maybe an environment variable
gets created?
C. Starting a second instance of Postfix so that I can have a distinct
check_sender_access ruleset just for submission/465 mail seems highly
wasteful of resources. Plus, as a 2-month-old Postfix admin, I feel like
the complexity and chance of getting something very wrong is just very
high, what with ensuring I have separate directories for all the right
things.
Someone set me straight?
Thanks,
-Daniel
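
For reference, an added example that is not part of the original post: Postfix's per-service `-o` overrides in master.cf, combined with `smtpd_sender_login_maps` and `reject_sender_login_mismatch`, tie the envelope 'MAIL FROM:' to the SASL login on the port-465 service alone, with no second instance or content filter. The map file path, database credentials and the `virtual_users`/`email` table and column names are assumptions, as is the premise that users log in with their full e-mail address; the check covers the envelope sender, not the 'From:' header.

```conf
# Added example; file path, credentials and SQL names are assumptions.

# --- /etc/postfix/master.cf -------------------------------------------
# The -o overrides below apply to the port-465 service only; mail
# arriving on port 25 keeps the restrictions set in main.cf.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
# Refuse any client on this port that has not authenticated.
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Lookup table: MAIL FROM address -> SASL login name(s) that own it.
  -o smtpd_sender_login_maps=mysql:/etc/postfix/mysql-sender-login.cf
# Reject when the logged-in user does not own the MAIL FROM address.
  -o smtpd_sender_restrictions=reject_sender_login_mismatch

# --- /etc/postfix/mysql-sender-login.cf -------------------------------
# %s is the MAIL FROM address; the result is the login allowed to use it.
# Assumes the SASL username is the user's full e-mail address, so each
# address is owned by the login of the same name.
user = postfix
password = CHANGE_ME
hosts = 127.0.0.1
dbname = mail
query = SELECT email FROM virtual_users WHERE email = '%s'
```

The map can be checked before reloading Postfix with `postmap -q user@example.com mysql:/etc/postfix/mysql-sender-login.cf`, which should print the login that owns the address.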