Hi,
I would like to verify the MAIL FROM address after authentication.
I set up LDAP authentication for my users that works very well. It's OK.
smtp inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_local_domain=ac-caen.fr
  -o smtpd_sasl_application_name=smtpd
  -o broken_sasl_auth_clients=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_authenticated_header=no
  -o smtpd_helo_required=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
As a second step, I allowed accounts to send messages only from the
addresses of their own account. I added this configuration and it works
very well, but currently it is too restrictive for my users, so I am
looking for a less restrictive solution.
  -o smtpd_sender_login_maps=ldap:/etc/postfix/ldap-loginsasl.cf
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
File /etc/postfix/ldap-loginsasl.cf:
server_host = ldap.domain.fr
server_port = 389
bind = no
search_base = ou=domain,c=fr
query_filter = (&(objectclass=inetMailUser)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s)))
result_attribute = uid, mail, mailAlternateAddress, mailEquivalentAddress
domain = domain1.fr, domain2.fr
version = 3
My less restrictive solution is that only addresses (MAIL FROM) in my
domains (LDAP verification) can send mail, even if they are not
attached to the authenticated account, and addresses from another
domain are rejected.
I did this, but it does not work. I think it is not a good solution. I added
*check_sender_access*:
  -o smtpd_recipient_restrictions=check_sender_access ldap:/etc/postfix/sender-list.cf,permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
File /etc/postfix/sender-list.cf:
server_host = ldap.domain.fr
server_port = 389
bind = no
search_base = ou=domain,c=fr
query_filter = (&(objectclass=inetMailUser)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s)))
result_attribute = uid, mail, mailAlternateAddress, mailEquivalentAddress
domain = domain1.fr, domain2.fr
version = 3
Do you have an idea?
Regards
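
The two sender policies described in this message, modelled side by side for an authenticated session. This is an added example, not part of the original post and not Postfix code; the directory entries and all function names are constructed for illustration, and the login is simplified to the uid.

```python
# Constructed directory: uid -> addresses held in mail,
# mailAlternateAddress and mailEquivalentAddress.
DIRECTORY = {
    "alice": {"alice@domain1.fr", "a.martin@domain2.fr"},
    "bob": {"bob@domain1.fr"},
}
# Mirrors the "domain =" line of the LDAP map: other domains are never looked up.
LOCAL_DOMAINS = {"domain1.fr", "domain2.fr"}


def owners(sender):
    """Model of the LDAP lookup: uids whose entry lists this address."""
    sender = sender.lower()
    if sender.rpartition("@")[2] not in LOCAL_DOMAINS:
        return set()
    return {uid for uid, addrs in DIRECTORY.items() if sender in addrs}


def strict_policy(sasl_login, sender):
    """Current setup: the MAIL FROM address must belong to the login."""
    return "permit" if sasl_login in owners(sender) else "reject"


def relaxed_policy(sasl_login, sender):
    """Wanted setup: any login may use any address found in the directory."""
    return "permit" if sasl_login and owners(sender) else "reject"


def newly_allowed(sasl_login):
    """Addresses the relaxed policy permits that the strict one rejects."""
    every_address = set().union(*DIRECTORY.values())
    return sorted(
        addr for addr in every_address
        if relaxed_policy(sasl_login, addr) == "permit"
        and strict_policy(sasl_login, addr) == "reject"
    )


if __name__ == "__main__":
    for sender in ("alice@domain1.fr", "bob@domain1.fr",
                   "nobody@domain1.fr", "ceo@example.org"):
        print(sender, strict_policy("alice", sender),
              relaxed_policy("alice", sender))
    print("alice may additionally send as:", newly_allowed("alice"))
```

The output of `newly_allowed` is the set of internal addresses each login could use without owning them, which is the exposure the relaxed policy accepts in exchange for flexibility.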