On Thu, Aug 21, 2014 at 03:51:05PM -0700, Ronald F. Guilmette wrote:
> In message <20140821215806.gx23...@harrier.slackbuilds.org>, 
> /dev/rob0 <r...@gmx.co.uk> wrote:
> >I don't know if any of the existing projects (such as cbpolicyd
> >or postfwd) can do this easily, but it shouldn't be hard to add.
> 
> So, nothing already exists along these lines?

I'm not experienced enough with either project to answer that.

> P.S.  There are certainly sites... mine included... that eschew the
> complexity of SASL and find it utterly unnecessary and superfluous
> in the limited local context.  (Trust, including the capability to
> send outbound, is, in my local context, limited to 127.0.0.1 and
> the RFC 1918 addresses.)
> 
> I only mention this to emphasize that an optimal solution...
> should anyone be motivated to venture forth and create one...
> would not and should not assume that local senders/recipients
> will be "logging in" to the local mail server (e.g. via SASL).

I only mention SASL in the context of "know who is sending this." 
Similar results can be had without SASL; just be sure your MX 
(inbound) stream is completely separate from your submission 
(outbound) stream.

SASL username is one of many attributes which can be examined by 
policy services.  Others include client IP address, envelope sender 
and recipient, HELO name, and more.  For complete details, see:
        http://www.postfix.org/SMTPD_POLICY_README.html
With a client IP from RFC 1918, you could, for example, assign your 
users specified HELO names, giving you two layers of proof of 
identity.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
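
The HELO-per-client idea above, as an added example (not part of the original message, and not code from Postfix, cbpolicyd or postfwd): a decision function for the Postfix policy delegation protocol that checks client_address against the local ranges and helo_name against an assigned name. The address-to-HELO table, the function names and the sample request are constructed, and it assumes the service is attached only to the submission (outbound) stream.

```python
import ipaddress

# Constructed table (assumption): one assigned HELO name per internal client.
ASSIGNED_HELO = {
    "192.168.1.10": "alice-desk.internal.example",
    "10.0.0.25": "bob-laptop.internal.example",
}
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_request(text):
    """Parse one request: name=value lines, terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return an access(5) action for the parsed attributes."""
    try:
        ip = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:  # e.g. "unknown" or a missing attribute
        return "REJECT client address not usable"
    if not any(ip in net for net in LOCAL_NETS):
        return "REJECT not a local client"
    if ip.is_loopback:
        return "DUNNO"  # mail generated on the server itself
    expected = ASSIGNED_HELO.get(str(ip))
    if expected is None:
        return "REJECT no HELO name assigned to this address"
    if attrs.get("helo_name", "").lower() != expected:
        return "REJECT HELO name does not match assigned name"
    return "DUNNO"  # both layers agree; let later restrictions decide

def respond(text):
    """Build the reply Postfix expects: action line plus empty line."""
    return "action=" + decide(parse_request(text)) + "\n\n"

# Constructed sample request, in the format of SMTPD_POLICY_README.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.168.1.10\n"
          "helo_name=alice-desk.internal.example\n"
          "sender=alice@example.com\nrecipient=someone@example.net\n\n")

if __name__ == "__main__":
    print(respond(SAMPLE), end="")
```

The HELO name is supplied by the client, so this check flags unexpected or misconfigured hosts on the local network rather than authenticating them.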
