Am 11.02.2011 10:08, schrieb Nikolaos Milas: > Thank you Noel, > > After searching for a while, I found your info/solutions were complete and > accurate. > > Locking sender addresses with authenticated users appears to be a good > practice, anyway. > > Here, I have two questions about reject_sender_login_mismatch: > > 1. If sender is in the form "f...@example.com" and (SASL) login name > is foo, will this lead to an "automatic" match (i.e. without using > smtpd_sender_login_maps) or we *always* need to define an explicit > mapping between f...@example.com and foo in smtpd_sender_login_maps?
there is nothing automatic, even if login-name is the same as the mail-address > 2. About reject_unauthenticated_sender_login_mismatch: How > sender-login matching works with unauthenticated clients? Since > the client is unauthenticated (so postfix doesn't know a login > name associated with the current client) how can postfix match > sender address with login name? It will have to drop all these > connections? Unauthenticated clients do not interest here because they do not relay "reject_unauthenticated_sender_login_mismatch" means that mails from outside are no problem (other smtp-servers deliver mails to you) but your users can not send with any address they want If you make sure your server is not a open-relay all is fine
signature.asc
Description: OpenPGP digital signature
