> On Feb 19, 2018, at 11:35 AM, Alex <[email protected]> wrote:
>
> In other words, if the sasl_username is alice, I'd like to restrict
> the envelope sender and From address to only legitimate accounts
> belonging to that sasl user.
If the account is compromised, you really should deny access until
the password is changed. That said, you can use:
main.cf:
indexed = ${default_database_type}:${config_directory}/
smtpd_restriction_classes = enforce_login
enforce_login =
reject_authenticated_sender_login_mismatch,
permit_sasl_authenticated,
reject
smtpd_sender_restrictions =
check_sasl_access ${indexed}sasl-access
sasl-access:
# The lookup key is the SASL login name, which may be "user@realm",
# rather than just "user", specify accordingly.
#
alice enforce_login
--
Viktor.
