On 10/19/2011 1:21 PM, Noel Jones wrote:
On 10/19/2011 3:06 PM, Daniel L. Miller wrote:
How can I execute a policy service AFTER successful authentication
or local sender verification?
Have your policy service check for existence of sasl_sender or
sasl_username.
If I use that in smtpd_sender_restrictions - where would I place it? If
I place it AFTER "permit_sasl_authenticated" - that would mean my policy
service is never called? If I place it BEFORE that check, by the time
smtpd_sender_restrictions is evaluated, are the
sasl_sender/sasl_username fields filled?
Is simply having a non-empty sasl_sender/sasl_username confirmation of
successful sasl authentication - so the policy service doesn't have to
perform any validation of the value beyond non-empty? Would sasl_method
also be a valid test?
What about non-authenticated but valid local sender (via IP range).
Would I do the check in smtpd_client_restrictions - and have the policy
service test client_address? Is there a test I can use to have Postfix
validate the IP - instead of duplicating the IP check?
--
Daniel
