On 11/29/2012 11:35 PM, Viktor Dukhovni wrote: > On Fri, Nov 30, 2012 at 04:18:14PM +1100, Adi Pircalabu wrote: > >> With Postfix 2.8.4 I want to selectively disable relaying for certain >> SMTP-authenticated users, but unfortunately in this case I don't have >> access to the authentication database which is managed by a 3rd party >> auxprop_plugin. The same database is used for both SMTP and IMAP/POP3 >> authentication and there's no known mechanism at the moment to only >> disable SMTP authentication, but still allow IMAP/POP3 logins. >> At the same time, the server should still accept email that have these >> users' email address as the envelope sender. To make it even more >> complicated, everything is happening currently on port 25. >> I tried to use sender dependent authentication with a dedicated >> transport as described here: >> http://www.postfix.org/SASL_README.html#client_sasl_sender >> http://www.postfix.org/transport.5.html >> Now I have the following entry in /etc/postfix/main.cf: >> >> sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps > > Not surprisingly, when you set the relay host to a transport:nexthop > it does not work. You may want to try: > > http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps >
Alternately, you can use a policy service, such as postfwd, that rejects the mail when sasl_username is a disabled user. http://www.postfix.org/SMTPD_POLICY_README.html http://www.postfix.org/addon.html#policy http://postfwd.org/ -- Noel Jones
