Hello again,

As I didn't work on Postfix over the last year, I've been digging
around the config and the manuals at postfix.org before choosing any
of the previously exposed options.

By now, I was trying to go for option two, so I created a specific user
for each of the domains managed by the Postfix MTA. The idea is to let
the vacation script make use of this user to authenticate against
Postfix while trying to send the vacation email. As this Postfix
instance manages multiple domains, I've updated the script so it uses
the appropriate user to authenticate against Postfix depending on the
recipient's domain. I.e., if recipient u...@example.com has vacation mode
on, then the vacation script tries to log in against Postfix as
vacat...@example.com, but if us...@example.eu has vacation mode on then
the vacation script would try to log in against Postfix as
vacat...@example.eu.

While the previous behaviour works fine, I'm having issues exposing
vacat...@example.com as owner of the recipient address. I mean, my
Postfix instance enforces
reject_authenticated_sender_login_mismatch
in smtpd_sender_restrictions, so I've added the following
statement: smtpd_sender_login_maps =
proxy:mysql:/etc/postfix/mysql_sender_login_maps.cf which implements
the following query:
SELECT
  IF( STRCMP('%s', CONCAT_WS('@', 'vacation', '%d')) = 0,
      CONCAT_WS(',', 'vacation@%d', CONCAT_WS(',', '%s', GROUP_CONCAT(a.mail SEPARATOR ','))),
      CONCAT_WS(',', '%s', GROUP_CONCAT(a.mail SEPARATOR ', '))
  ) AS id
FROM `users` AS u
LEFT JOIN `aliases` AS a
  ON LOCATE( u.id, a.destination ) AND a.enabled IS TRUE
WHERE u.id = '%s'
  AND u.enabled IS TRUE
GROUP BY u.id

As you can see, this query searches for %s in the users table and also
searches for %s in the aliases table, so if %s matches a destination
inside aliases then %s will be granted to send emails on behalf of
aliases.mail (the from email address). Last, this query tries to know
if the vacation user tries to send an email; if so, it will always get
granted as owner. Although the SQL sentence works fine, I need in the
SQL sentence the user used to authenticate against Postfix. So my
questions are:
* Is it possible to pass as a parameter or whatever the user used to
authenticate against Postfix? This will not always match the from
email address. I would like to know if the vacation user was the one who
tried to send the email; if so, I will always grant sending on behalf
of someone else.
* Is it possible to authenticate against Postfix through the crypted
password? I mean, once I know the from address, the vacation script can
log in to MySQL, get his crypted password and then try to
authenticate through a custom SQL query or whatever using this crypted
password and finally try to send the email. This way
reject_authenticated_sender_login_mismatch won't jump.

The last option is to send the email through the sendmail binary, but I
would like to be able to use the authenticate behaviour. If someone
knows a better way to authenticate, just let me know.

Hope someone can help to solve these doubts.

Sincerely,

On Wed, Mar 9, 2016 at 1:37 PM, Pau Peris <p...@webeloping.es> wrote:
> Ok, thanks!!
>
> On Tue, Mar 8, 2016 at 8:36 PM, Wietse Venema <wie...@porcupine.org> wrote:
>> The third option was:
>> - submit autoreplies with /usr/sbin/sendmail instead of SMTP.
>>
>> Pau Peris:
>>> If I'd go by the third option, sending through sendmail instead of
>>> SMTP, I would lose the headers automatically set by Postfix.
>>
>> Wietse:
>>> Where did you get that idea from?
>>
>> Pau Peris:
>>> I'm sorry, I think I completely misunderstood option 3. I thought
>>> using sendmail would bypass Postfix completely. I assume this is wrong
>>> and it will still make use of the Postfix MTA? So it makes no difference
>>> whether using sendmail or SMTP at "application/programming language" level?
>>
>> /usr/sbin/sendmail should be part of Postfix, or at least a symlink
>> that points to some part of Postfix.
>>
>> Wietse
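
The ownership check discussed in this thread, modelled as an added example (not code from the thread or from Postfix): smtpd_sender_login_maps is looked up by the MAIL FROM address and returns the SASL logins that own it, so a per-domain vacation login can be listed as an owner without the query ever seeing the login. The tables, addresses and function names are constructed, and the `exact=False` path shows how a substring match such as LOCATE(u.id, a.destination) can grant an alias to a user whose address is contained in another user's address.

```python
# Simplified model of the ownership check behind
# reject_authenticated_sender_login_mismatch (not Postfix source code).
# Tables, addresses and function names are constructed for illustration.

USERS = {"bob@example.com", "jbob@example.com", "ann@example.eu"}
ALIASES = {  # alias address -> comma-separated destinations
    "sales@example.com": "jbob@example.com",
    "info@example.com": "bob@example.com, jbob@example.com",
}


def alias_members(destinations, exact):
    """Users that an alias destination string refers to."""
    if exact:
        wanted = {d.strip().lower() for d in destinations.split(",")}
        return USERS & wanted
    # Substring test, the behaviour of LOCATE(u.id, a.destination).
    return {u for u in USERS if u in destinations.lower()}


def owners_of(sender, exact=True):
    """Model of one smtpd_sender_login_maps lookup.

    The key is the MAIL FROM address only; the result is the set of SASL
    logins allowed to use it. The login is compared afterwards.
    """
    sender = sender.lower()
    if sender in USERS:
        owners = {sender}
    elif sender in ALIASES:
        owners = alias_members(ALIASES[sender], exact)
    else:
        return set()  # "not found"
    # The per-domain auto-reply login owns every known sender of its domain.
    owners.add("vacation@" + sender.rpartition("@")[2])
    return owners


def accept(sasl_login, sender, exact=True):
    """True when the authenticated login owns the sender address."""
    return sasl_login.lower() in owners_of(sender, exact)


if __name__ == "__main__":
    for login, sender in [("vacation@example.com", "bob@example.com"),
                          ("vacation@example.com", "ann@example.eu"),
                          ("bob@example.com", "sales@example.com")]:
        print(login, sender, accept(login, sender), accept(login, sender, exact=False))
```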
