On 12/14/2011 7:38 PM, Simon wrote:
>
> On 15/12/2011, at 2:02 PM, Noel Jones wrote:
>
>> On 12/14/2011 3:18 PM, Simon wrote:
>>>
>>>
>>> What we would like todo is update our config so that postfix will only send
>>> "from" {anything}@clientdomain.com (where the domain is listed in our
>>> "transport" mysql table) and from b...@externaldomain.com (where the user
>>> has run thru a registration process via our web-based control panel - the
>>> same process as gmail)..
>>>
>>> Can someone please give me some pointers here on where to start? I have
>>> searched quite bit for this, but can't think of the correct terms to find
>>> what i want...
>>>
>>> Thanks!
>>>
>>> Simon
>>>
>>
>>
>> You can associate sasl credentials with allowed "MAIL FROM" envelope
>> sender. This does not restrict the contents of the From: header.
>>
>> http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
>> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
>
> OK.. so basically this also allows us to lock it down further so that each
> sasl user has its own list of "allowed" domains and/or email addresses...
> Nice.
>
> We also have specific sasl uses for clients websites... these are used to
> allow the website to send email (forms and such). I can see how we could use
> the above to also provide correct details for these sasl users as well...
>
> So is smtpd_sender_login_maps the best way to achieve the result I'm looking
> for in my orginal email? There is no other way that other people can see?
>
> If this is the way... ill fire on into it :)
>
> Thanks!
>
> Simon
The sender_login_maps and friends is the only built-in method to
associate a SASL login with allowed envelope senders.
As a more flexible alternative, you could use an external policy
service. I don't know of any policy services that handle this
specifically, but I suppose postfwd could be convinced to do some of it.
http://www.postfix.org/SMTPD_POLICY_README.html
http://www.postfix.org/addon.html#policy
-- Noel Jones
