Hm, there must be a disconnect.
I did read it, it sounded logical, I implemented it, and then my tests
worked.
I have:
smtpd_sender_login_maps = mysql:/etc/postfix/mysql_sender_login_maps.cf
smtpd_recipient_restrictions =
reject_sender_login_mismatch,
permit_mynetworks,
permit_sasl_authenticated,
...
When I send use the wrong source name invalidorigin, I get this:
*NOQUEUE: reject: RCPT from xxx <invalidori...@example.com>: Sender
address rejected: not owned by user validori...@example.com>*
But otherwise mail from the outside continues to come in to local
(virtual) users fine, and using an authorized source name works.
If I understand correctly, what it does during an unauthenticated
session is that if there is a recognized virtual user in the MAIL FROM:
field, it requires that the user be (SASL) logged in. If the MAIL FROM:
is /not /a recognized virtual user, the rule does nothing and passes the
filtering to the rest of the rules. This is naturally also what I want.
All good no?
Your final warning: "it won't prevent internal users from using an
external sender address" -- define internal user? Those in my virtual
table, or local Unix users? If the latter, I have none. As for "external
sender address", are you referring to the envelope field, the Reply-to:
field, or the From: field? If either of the latter two, yes we agreed
earlier in the threat that that would have to be done with a cleanup filter.
Clarify?
-Daniel
On 1/31/2011 1:23 AM, mouss wrote:
Le 31/01/2011 01:17, Daniel Bromberg a écrit :
Brilliant, reject_sender_login_mismatch is the perfect level of
flexibility and is working now. I can add whatever authorizations I
need to my virtual user table in the DB, in a separate column if need
be. (right now I'm using the trivial match of<authorized names> =<the
login name>)
Importantly, if it's not a SASL-based session no such authorization
check is done, rather the usual "you're a stranger, for local delivery
only" rules apply there.
you need to read what reject_sender_login_mismatch does.
- it won't prevent internal users from using an external sender address
(unless you return some invalid login for external addresses, but then
that also applies to external users!).
- it also applies to non authenticated mail.
reject_authenticated_sender_login_mismatch is the variant that only
applies to authenticated mail.
So, I don't need to have a separate ruleset, as
this rule already has the proper granularity.
Conceivably, someone could hack a non-standard e-mail client to use the
SASL name in the MAIL FROM, but tweak the 'From: ' line to anything they
like (although the MAIL FROM would appear in the Return-Path / Sender
fields), and this is harder to stop, correct? But we are in rare corner
cases now, not ordinary users I would think.
depends on which mail clients they use. some mail clients make that hard
(they derive the envelope sender from the From: header). others make it
easy. but motivated users can ask for help on the Internet...
[snip]
