On 12/14/2011 8:15 PM, Simon wrote:
> 
> On 15/12/2011, at 3:05 PM, Noel Jones wrote:
> 
>> The sender_login_maps and friends is the only built-in method to
>> associate a SASL login with allowed envelope senders.
>>
>> As a more flexible alternative, you could use an external policy
>> service.  I don't know of any policy services that handle this
>> specifically, but I suppose postfwd could be convinced to do some of it.
>>
>>
>> http://www.postfix.org/SMTPD_POLICY_README.html
>> http://www.postfix.org/addon.html#policy
> 
> Thanks again... what if I just wanted postfix to check a mysql-based list of 
> approved sending email addresses and/or domains? e.g. NOT associate it with a 
> SASL login but has an approved sender list. e.g. all SASL logins would be 
> able to send "from" all of the domains/addresses on the list? (I'm thinking 
> of a specific situation where I would need this).
> 
> Simon
> 

That's easy enough to do with a check_sender_access map.  Assuming
an MSA (user submission only, no general incoming mail), something
as simple as:

smtpd_sender_restrictions =
  check_sender_access hash:/path/to/allowed_senders
  reject

With allowed_senders table something like
us...@example.com  OK
example.org     OK

Any sender not on the approved list gets rejected.  Do this in
smtpd_sender_restrictions to avoid possible open relay accidents
that could occur if you do this test in smtpd_recipient_restrictions.

These restrictions could also be put into master.cf as -o options on
the submission or smtps services.


  -- Noel Jones
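
Added example, not part of the message above and not Postfix code: a small Python model for checking offline which envelope senders an allowed_senders table like the one above would accept before the final reject applies. It assumes the lookup order described in access(5) (full address, domain, parent domains, then localpart@) and the default parent_domain_matches_subdomains behaviour; the function names and sample addresses are constructed for illustration.

```python
# Added example: models the access(5) lookup order for check_sender_access.
# Table contents and sender addresses are constructed sample data.
ALLOWED_SENDERS = """
alice@example.com  OK
example.org        OK
"""

def parse_table(text):
    """Parse 'pattern action' lines; keys are folded to lowercase."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, action = line.split(None, 1)
            table[key.lower()] = action.strip()
    return table

def lookup_keys(sender, parent_matches_subdomains=True):
    """Yield keys in the order tried: user@domain, domain, parents, user@."""
    if sender == "":
        yield "<>"  # default smtpd_null_access_lookup_key for the null sender
        return
    local, _, domain = sender.lower().rpartition("@")
    yield f"{local}@{domain}"
    yield domain
    labels = domain.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # With smtpd_access_maps in parent_domain_matches_subdomains (assumed
        # default), the bare parent is tried; otherwise the ".parent" form.
        yield parent if parent_matches_subdomains else "." + parent
    yield f"{local}@"

def decide(sender, table, parent_matches_subdomains=True):
    """Return (action, matched_key); no match falls to the final 'reject'."""
    for key in lookup_keys(sender, parent_matches_subdomains):
        if key in table:
            return table[key], key
    return "REJECT", None

if __name__ == "__main__":
    table = parse_table(ALLOWED_SENDERS)
    for s in ["alice@example.com", "bob@example.com",
              "carol@mail.example.org", ""]:
        print(repr(s), decide(s, table))
```

Under the assumed default, the bare example.org entry also admits senders in its subdomains, and the null sender is rejected unless "<>" is listed.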
