Port 587 has been invented for this very purpose ;)
On 30/01/11 21:31, Daniel Bromberg wrote:
Hi,
I've recently started using postfix several weeks ago to run my e-mail
services. Using spamassassin/spamd, greylists/SQLgrey, several RBLs,
multiple domains, virtual users against MySQL tables in multiple
domains, so somewhat knowledgeable, but mostly not.
One of the companies I administrate has a policy that users submitting
outgoing mail via submission/SSL/465 can only use the server to submit
'MAIL FROM:' their SASL authenticated username, so they cannot do
non-company business as a different e-mail identity through the server.
This is turning out to be harder than I thought however.
A. IIUC, check_sender_access applies to all mail received, whether
intended for local delivery via smtp/unencrypted/25 or intended for
outbound relaying via submission/SSL/465.
B. writing a content filter to be appended to the submission line in
master.cf (say a perl script) that scans the e-mail for the 'From:'
line, then does a MySQL query against my virtual table, (then exits
with some kind of code indicating the mail should be rejected??),
seems an awful lot of work relative to the simple goal. Also how would
the perl script know the SASL authenticated ID? Maybe an environment
variable gets created?
C. Starting a second instance of postfix so that I can have a distinct
check_sender_access ruleset just for submission/465 mail seems highly
wasteful of resources. Plus, as a 2-month-old Postfix admin, I feel
like the complexity and chance of getting something very wrong is just
very high, what with ensuring I have separate directories for all the
right things.
Someone set me straight?
Thanks,
-Daniel
