On Thu, May 29, 2014 at 08:08:45AM -0700, G H wrote:
> I am trying to utilize Postfix to restrict the sending of mail
> from certain users based on the MAIL FROM command. However, it
> doesn't appear that Postfix-2.10.2 is paying attention to my
> check_sender_access restrictions at all. I have it before
> permit_mynetworks, but the verify daemon doesn't appear to be doing
> any check at all on the MAIL FROM value.
>
> How do I get postfix to be able restrict sending mail from certain
> users? I would expect to see SWAKS get a rejection message as soon
> as the MAIL FROM command is entered.
>
> Postfix config for recipient/sender restrictions:
>
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient,
> reject_unverified_recipient,
> permit_mynetworks,
> reject_unauth_destination,
> permit
>
> smtpd_sender_restrictions =
> check_sender_access sqlite:/etc/postfix/sqlite-sender_access.cf,
> permit_mynetworks,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> permit
> My sqlite-sender_access.cf file:
> dbpath = /var/mail/mailusers.db
> query = SELECT 'REJECT' AS action
> FROM users
> WHERE username = '%s@'
> AND send_mail = 'f'
Postfix does not use bare localparts as keys for access lookups.
Rather its bare localpart lookup key is "user@", to which you're
appending another "@". Secondly, you've not constrained the sender
domain, and applying such rules to remote localparts is generally
unwise.
http://www.postfix.org/access.5.html
--
Viktor.
