Hello, I am trying to configure "Envelope sender address authorization" as described at
http://www.postfix.org/SASL_README.html#server_sasl_authz but Postfix keeps complaining that the sender address is not owned by the SASL account I log in with. The account is n...@niklaas.eu while the sender address is m...@niklaas.eu. (Configuration and logs follow below.) The odd thing is that `postmap -q m...@niklaas.eu <ldap-config>` returns "n...@niklaas.eu" as expected; however, as seen in /var/log/maillog below (line 7), Postfix logs "maps_find: smtpd_sender_login_maps: m...@nikaas.eu: not found". -- $ postconf -nf alias_maps = hash:/etc/aliases command_directory = /usr/local/sbin compatibility_level = 2 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debug_peer_list = static:all debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 html_directory = no inet_protocols = ipv4,ipv6 mail_owner = postfix mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man meta_directory = /usr/local/libexec/postfix mua_recipient_restrictions = reject_sender_login_mismatch permit_sasl_authenticated mua_sender_login_maps = ldap:$config_directory/ldap/smtpd_sender_login_maps.cf mydestination = localhost.$mydomain localhost mynetworks_style = host myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases postscreen_upstream_proxy_protocol = haproxy queue_directory = /var/spool/postfix readme_directory = no recipient_delimiter = + sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop shlib_directory = /usr/local/lib/postfix smtpd_tls_auth_only = yes smtpd_tls_cert_file = $config_directory/certs/mail.niklaas.eu.pem smtpd_tls_key_file = $smtpd_tls_cert_file smtpd_tls_security_level = may smtpd_upstream_proxy_protocol = haproxy soft_bounce = yes unknown_local_recipient_reject_code = 550 virtual_alias_domains = ldap:$config_directory/ldap/virtual_alias_domains.cf virtual_alias_maps = 
ldap:$config_directory/ldap/virtual_alias_maps.cf virtual_mailbox_domains = niklaas.eu virtual_mailbox_maps = ldap:$config_directory/ldap/virtual_mailbox_maps.cf virtual_transport = lmtp:unix:private/dovecot-lmtp -- -- $ postconf -Mf smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd 9025 inet n - n - - smtpd submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_recipient_restrictions=$mua_recipient_restrictions -o smtpd_sender_login_maps=$mua_sender_login_maps -o smtpd_reject_unlisted_recipient=no -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache -- -- /var/log/maillog 1 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: In dict_ldap_lookup 2 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: No existing connection for LDAP source /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf, reopening 3 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_connect: Connecting to server ldap://proxy.box-local.klaas:389 4 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_connect: Actual Protocol version used is 2. 
5 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_connect: Cached connection handle for LDAP source /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf 6 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf: Searching with filter (&(objectClass=postfixUser)(mailacceptinggeneralid=m...@nikaas.eu)) 7 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: maps_find: smtpd_sender_login_maps: m...@nikaas.eu: not found 8 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_string: mydestination: nikaas.eu ~? localhost.box-hlm-02.niklaas.eu 9 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_string: mydestination: nikaas.eu ~? localhost 10 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_list_match: nikaas.eu: no match 11 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: In dict_ldap_lookup 12 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: Using existing connection for LDAP source /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf 13 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf: Searching with filter (&(objectClass=postfixUser)(mailacceptinggeneralid=@nikaas.eu)) 14 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: maps_find: smtpd_sender_login_maps: @nikaas.eu: not found 15 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: mail_addr_find: m...@nikaas.eu -> (not found) 16 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: NOQUEUE: reject: RCPT from aftr-109-91-37-7.unity-media.net[109.91.37.7]: 453 4.7.1 <m...@nikaas.eu>: Sender address rejected: not owned by user n...@niklaas.eu; from=<m...@nikaas.eu> to=<n...@niklaas.eu> proto=ESMTP helo=<[192.168.178.45]> 17 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: generic_checks: name=reject_authenticated_sender_login_mismatch status=2 18 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: >>> END 
Recipient address RESTRICTIONS <<< 19 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: generic_checks: name=reject_sender_login_mismatch status=2 20 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: >>> END Recipient address RESTRICTIONS <<< 21 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: > aftr-109-91-37-7.unity-media.net[109.91.37.7]: 453 4.7.1 <m...@nikaas.eu>: Sender address rejected: not owned by user n...@niklaas.eu 22 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: watchdog_pat: 0x805c0e110 23 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: < aftr-109-91-37-7.unity-media.net[109.91.37.7]: RSET 24 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: > aftr-109-91-37-7.unity-media.net[109.91.37.7]: 250 2.0.0 Ok 25 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: watchdog_pat: 0x805c0e110 26 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: < aftr-109-91-37-7.unity-media.net[109.91.37.7]: QUIT 27 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: > aftr-109-91-37-7.unity-media.net[109.91.37.7]: 221 2.0.0 Bye 28 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_hostname: smtpd_client_event_limit_exceptions: aftr-109-91-37-7.unity-media.net ~? 10.2.8.1/32 29 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_hostaddr: smtpd_client_event_limit_exceptions: 109.91.37.7 ~? 10.2.8.1/32 30 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_hostname: smtpd_client_event_limit_exceptions: aftr-109-91-37-7.unity-media.net ~? [fd16:dcc0:f4cc:2::8:1]/128 31 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_hostaddr: smtpd_client_event_limit_exceptions: 109.91.37.7 ~? 
[fd16:dcc0:f4cc:2::8:1]/128 32 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_list_match: aftr-109-91-37-7.unity-media.net: no match 33 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: match_list_match: 109.91.37.7: no match 34 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: send attr request = disconnect 35 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: send attr ident = submission:109.91.37.7 36 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: private/anvil: wanted attribute: status 37 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: input attribute name: status 38 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: input attribute value: 0 39 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: private/anvil: wanted attribute: (list terminator) 40 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: input attribute name: (end) 41 Aug 3 20:16:00 mx postfix/submission/smtpd[82701]: disconnect from aftr-109-91-37-7.unity-media.net[109.91.37.7] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=7/8 -- Any help is very much appreciated. Niklaas