Hi,
do someone know if it's possible to:
* Pass as parameter to smtpd_sender_login_maps =
proxy:mysql:/etc/postfix/mysql_sender_login_maps.cf so i can use this
parameter inside the query?
*Authenticate against Postfix through the crypted password? I mean, if
know a cryped password and it semail address, can i try to login
through any kind of service/process?
Thanks!
On Thu, Mar 17, 2016 at 7:46 PM, Pau Peris <p...@webeloping.es> wrote:
> Hello again,
>
> as i didn't work on Postfix over the last year i've been digging
> around the config and the manuals at postfix.org before choosing any
> of the previously exposed options.
>
> By now, i was trying to go for option two so i created a specific user
> for each of the domain managed by Postfix mta. The idea is to let the
> vacation script to make use of this user to authenticate against
> Postfix while trying to send the vacation email. As this Postfix
> instance manages multiple domains i've updated the script so it uses
> the appropriate user to authenticate against Postfix depending on the
> recipient's domain. Ie, recipient u...@example.com has vacation mode
> on, then the vacation script tries t login against Postfix through
> vacat...@example.com but if us...@example.eu has vacation mode on then
> vacation script would try to login against Postfix as
> vacat...@example.eu.
>
> While previous behaviour works fine i'm having issues exposing
> vacat...@example.com as owner of the recipient address. I mean, my
> Postfix instance has enforce
> reject_authenticated_sender_login_mismatch
> as smtpd_sender_restrictions so i created so i've added the following
> statement smtpd_sender_login_maps =
> proxy:mysql:/etc/postfix/mysql_sender_login_maps.cf which implements
> the following query:
> SELECT
> IF( STRCMP('%s',CONCAT_WS('@','vacation', '%d') )=0,
> CONCAT_WS( ',','vacation@%d', CONCAT_WS( ',','%s', GROUP_CONCAT(a.mail
> SEPARATOR ',') ) ),
> CONCAT_WS(',','%s', GROUP_CONCAT(a.mail SEPARATOR ', ') )
> )AS id
> FROM `users` AS u
> LEFT JOIN `aliases` AS a
> ON LOCATE( u.id, a.destination ) AND a.enabled IS TRUE
> WHERE u.id = '%s'
> AND u.enabled IS TRUE
> GROUP BY u.id
>
> As you can see this query searches %s in users table, also searches %s
> in aliases table so if %s matches destination inside aliases then %s
> will be granted to send emails on behalf aliases.mail (from email
> address). Last, this query tries to know if vacation user tries to
> send an email, if so then it will always get granted as owner.
> Although the SQL sentence works fine, i need in the SQL sentence the
> user used to authenticate against Postfix. So my questions are:
> * Is it possible to pass as parameter or whatever the user used to
> authenticate against Postfix? Which will not always match the from
> email address. I would like to know if vacation user was the one who
> tried to send the email, if so i will always grant sending on behalf
> someone else.
> *Is it possible to authenticate against Postfix through the crypted
> password? I mean, once i know the from address, vacation script can
> login into MySQL, get his crypted password and then try to
> authenticate through a custom SQL query or whatever using this crypted
> password and finally try to send the email. This way
> reject_authenticated_sender_login_mismatch won't jump.
>
> Last option is to send the email through the sendmail binary but i
> would like to be able to use the authenticate behaviour. If someone
> knows a better way to authenticate just let me know.
>
> Hope someone can help to solve this doubts.
>
> Sincerely,
>
> On Wed, Mar 9, 2016 at 1:37 PM, Pau Peris <p...@webeloping.es> wrote:
>> Ok, thanks!!
>>
>> On Tue, Mar 8, 2016 at 8:36 PM, Wietse Venema <wie...@porcupine.org> wrote:
>>> The third option was:
>>> - submit autoreplies with /usr/sbin/sendmail instead of SMTP.
>>>
>>> Pau Peris:
>>>> If i'd go by the third option, sending through sendmail instead of
>>>> SMTP, i would loose the headers automatically set by Postfix.
>>>
>>> Wietse:
>>>> Where did you get that idea from?
>>>
>>> Pau Peris:
>>>> I'm sorry, i think i completely missunderstood option 3. I thought
>>>> using sendmail would bypass Postfix completely. I assume this is wrong
>>>> and it will still make use of Postfix mta? So it makes no difference
>>>> on using sendmail or SMTP at "application/programming language" level?
>>>
>>> /usr/sbin/sendmail should be part of Postfix, or at least a symlink
>>> that points to some part of Postfix.
>>>
>>> Wietse
--
Pau Peris Rodriguez
Chief Executive Officer (CEO)
Tel: 669650292
C/Balmes 211, Principal Segunda
Barcelona 08006
http://www.webeloping.es
Aquest correu electrònic conté informació de caràcter confidencial
dirigida exclusivament al seu/s destinatari/s en còpia present. Tant
mateix, queda prohibida la seva divulgació, copia o distribució a
tercers sense prèvia autorització escrita per part de Pau Peris
Rodriguez. En cas d'haver rebut aquesta informació per error, es
demana que es notifiqui immediatament d'aquesta circumstancia
mitjançant la direcció electrònica del emissor.
