On Sat, Nov 05, 2011 at 10:17:00PM -0500, Chris Richards wrote:
> Victor, yes I figured out about reject_authenticated_sender_login_mismatch
> and smtpd_sender_login_maps. I'm still working that out, but I don't
> believe that is going to be an issue.
On my personal email server, I use non-Postfix means to limit who
can use SASL to authenticate to Postfix. In /etc/pam.d/dovecot (Postfix
is configured to use dovecot auth) I have:
auth required pam_group.so group=pamimap
which means that only users in that group can use "PLAIN" auth via PAM. You
may be able to use similar means to less intrusively control which users
can use authentication to get relay rights. Also rate limits, and other
controls may be more effective.
Requiring all users to use a fixed sender address may punish too
many to solve the problems of a few.
--
Viktor.
