On 12/9/2012 2:35 PM, Grant wrote: > I'm sorry for the weird description. I want to send email alerts > from each of my systems to my own email address. To do this, I've > created a special user on my mail server and put that user's > password in ssmtp.conf on each of my systems. Since this is not a > secure way to store a password, I'd like to lock down the special > user on my mail server so that any mail client authenticating as > that user can only send email to my email address. That way the > password doesn't need to be secure. > > - Grant
To really lock this down requires two steps: 1 - limit the credentials to a specific sender address. 2 - limit the sender address to a specific recipient. something like: # main.cf smtpd_sender_login_maps = hash:/etc/postfix/sender_login smtpd_sender_restrictions = reject_sender_login_mismatch check_sender_access hash:/etc/postfix/limited_sender # sender_login u...@example.com user_login_name #limited_sender u...@example.com REDIRECT tar...@example.com http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch http://www.postfix.org/postconf.5.html#check_sender_access http://www.postfix.org/access.5.html The reject_sender_login_mismatch will limit which MAIL FROM can be used with the credentials. The REDIRECT will capture all mail from that sender and direct it to the specified user, regardless of where it was originally addressed. Rather than the REDIRECT, some folks might prefer to use a restriction class to reject mail addressed to the wrong recipient. http://www.postfix.org/RESTRICTION_CLASS_README.html And as a final option, you can do all this and more in an external policy service. (eg. postfwd) http://www.postfix.org/SMTPD_POLICY_README.html -- Noel Jones
