On Thu, Nov 03, 2011 at 10:47:18PM -0500, Chris Richards wrote:

> Am I right in guessing that if I do something like the following:
>
> smtpd_sender_restrictions = permit_mynetworks,
>     check_sender_access mysql:/etc/postfix/mysql_sender_access.cf,
>     permit_sasl_authenticated,
>     reject;
>
> where check_sender_access returns 'dunno' for 'trusted' clients and 'no'
> for 'untrusted' clients, that the result will be to fall through to
> permit_sasl_auth for the 'trusted' clients and fail entirely for the
> 'untrusted' clients who are OUTSIDE, but still permit normal relay for
> clients who are INSIDE?

If this is an MX host, you need to allow mail to your own domains before you "reject" to, otherwise only your own users will be able to send you email. Since the sender address and the SASL login account are not necessarily the same, you also need to use reject_authenticated_sender_login_mismatch. So the whole thing boils down to:

    smtpd_sender_restrictions =
        permit_auth_destination,
        permit_mynetworks,
        check_sender_access mysql:/etc/postfix/mysql_sender_access.cf,
        reject_authenticated_sender_login_mismatch,
        permit_sasl_authenticated

You then also need smtpd_sender_login_maps, and each authenticated user will be constrained to only use the designated sender addresses.

If that's too much pain or is overly restrictive, perhaps, as others have tried to point out, you may be solving the wrong problem: just configure the authentication layer to lock the abused accounts and work on preventing re-compromise of any accounts you plan to re-enable.

--
    Viktor.
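
Added example, not part of the original message and not Postfix code: a simplified Python model of first-match restriction evaluation that compares the list from the question with the list from the reply. All addresses, domains, logins and table contents are constructed, and the access table is assumed to return REJECT for a locked sender and nothing for everyone else.

```python
# Simplified model of how Postfix walks one restriction list: the first
# PERMIT or REJECT ends the list, DUNNO moves on to the next restriction.
# All domains, addresses and table contents below are constructed.
LOCAL_DOMAINS = {"example.com"}                     # stands in for the server's own domains
SENDER_ACCESS = {"mallory@example.com": "REJECT"}   # stands in for the mysql table
SENDER_LOGIN_MAPS = {"alice@example.com": {"alice"},  # sender -> owning SASL logins
                     "ceo@example.com": {"carol"}}

def permit_mynetworks(s):
    return "PERMIT" if s["inside"] else "DUNNO"

def check_sender_access(s):
    return SENDER_ACCESS.get(s["sender"], "DUNNO")

def permit_sasl_authenticated(s):
    return "PERMIT" if s["login"] else "DUNNO"

def reject(s):
    return "REJECT"

def permit_auth_destination(s):
    return "PERMIT" if s["rcpt"].split("@")[1] in LOCAL_DOMAINS else "DUNNO"

def reject_authenticated_sender_login_mismatch(s):
    # Only applies to logged-in clients: the login must own the MAIL FROM address.
    if s["login"] and s["login"] not in SENDER_LOGIN_MAPS.get(s["sender"], set()):
        return "REJECT"
    return "DUNNO"

QUESTION_LIST = [permit_mynetworks, check_sender_access,
                 permit_sasl_authenticated, reject]
REPLY_LIST = [permit_auth_destination, permit_mynetworks, check_sender_access,
              reject_authenticated_sender_login_mismatch, permit_sasl_authenticated]

def evaluate(restrictions, session):
    for restriction in restrictions:
        result = restriction(session)
        if result != "DUNNO":
            return result
    return "DUNNO"  # end of list: nothing decided here, later lists still apply

def session(sender, rcpt, login=None, inside=False):
    return {"sender": sender, "rcpt": rcpt, "login": login, "inside": inside}

INBOUND = session("bob@other.example", "alice@example.com")            # outside MTA
SPOOFED = session("ceo@example.com", "x@other.example", login="alice")  # wrong owner
OWN_ADDR = session("alice@example.com", "x@other.example", login="alice")

if __name__ == "__main__":
    for name, s in [("inbound", INBOUND), ("spoofed", SPOOFED), ("own", OWN_ADDR)]:
        print(name, evaluate(QUESTION_LIST, s), evaluate(REPLY_LIST, s))
```

The model covers only this one restriction list; a PERMIT here does not bypass the checks in other restriction lists, while a REJECT is final.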