Hello,
This is my first question to the mailing list, so I hope I get this right.
I think it is better to describe the general architecture first and then
what I am trying to achieve.
This Postfix instance is configured to use Dovecot SASL for LOGIN
function and permissions. That part works. SASL auth is configured so
that username is an email address. Only virtual mailboxes are used, but
in this instance it is not that important, since the question is only
about outgoing mail restrictions.
The problem is that authenticated senders can send "mail from" from
whatever they please if I do not place any restrictions. Thus I decided
to use:
    smtpd_sender_restrictions = reject_sender_login_mismatch
It limits "mail from" as expected, but the problem is that I must
"duplicate" kind of what I already have in Dovecot user database in
$smtpd_sender_login_maps file. I am using hash type for
$smtpd_sender_login_maps. It works very well with allowing to use "alias
e-mail" address as "mail from" as well.
What I would like to achieve is to permit sender to set "mail from" the
same value as his SASL auth username or some specially allowed "alias
e-mail" addresses that are defined somewhere. For example, if user1 is
allowed to respond for his company, he would authenticate as
us...@domain.tld and could set "mail from" 1) us...@domain.tld or 2)
i...@domain.tld.
I can achieve this at the moment by writing both lines in login_maps
file, but it feels like kind of the wrong way to do things. Is there a way not to
duplicate Dovecot usernames and permit 1st case restriction in "mail
from" something like permit_sasl_username_as_mail_from?
I was looking directly at
http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions, but
none of the options seemed right for this use case. Maybe if I scratched
my head a bit, I could come up with some "tricky" SQL query as a
workaround and use reject_sender_login_mismatch, but maybe I have just
overlooked some simple setting, thus I ask for any input.
Thank you!
Best wishes,
Janis
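
A model of the lookup asked about above, as an added example that is not part of the original post and is not Postfix code: an alias table is searched first, then a one-rule regular-expression table makes every address its own owner, so logins need not be listed twice. The table layout, the example.com addresses and the function names are assumptions.

```python
import re

# Constructed sample data. The hash:-then-pcre: layout and all addresses are
# assumptions for illustration, not settings taken from the post.
ALIAS_OWNERS = {  # stands in for a hash: table, MAIL FROM address -> SASL logins
    "info@example.com": ["user1@example.com", "user2@example.com"],
}
IDENTITY = re.compile(r"^(.+)$")  # stands in for a one-rule pcre: table: /^(.+)$/ $1


def lookup_owners(sender):
    """Search the tables in order; the first table that matches wins."""
    sender = sender.lower()  # model simplification: compare case-insensitively
    if sender in ALIAS_OWNERS:
        return ALIAS_OWNERS[sender]
    match = IDENTITY.match(sender)
    return [match.group(1)] if match else []


def authenticated_mismatch(sasl_login, sender):
    """Model of reject_authenticated_sender_login_mismatch."""
    if sasl_login is None:
        return "DUNNO"  # unauthenticated clients are not judged by this check
    owners = [o.lower() for o in lookup_owners(sender)]
    return "DUNNO" if sasl_login.lower() in owners else "REJECT"


def sender_login_mismatch(sasl_login, sender):
    """Model of reject_sender_login_mismatch (adds the unauthenticated half)."""
    if sasl_login is None:
        # An address that has an owner may not be used without logging in.
        return "REJECT" if lookup_owners(sender) else "DUNNO"
    return authenticated_mismatch(sasl_login, sender)


if __name__ == "__main__":
    for login, sender in [
        ("user1@example.com", "user1@example.com"),  # own address
        ("user1@example.com", "info@example.com"),   # permitted alias
        ("user3@example.com", "info@example.com"),   # alias owned by others
        ("user1@example.com", "user2@example.com"),  # someone else's address
        (None, "stranger@elsewhere.example"),        # unauthenticated inbound
    ]:
        print(login, sender, authenticated_mismatch(login, sender),
              sender_login_mismatch(login, sender))
```

With the identity rule every address has an owner, so the full reject_sender_login_mismatch check turns away every unauthenticated sender. On a listener that also receives inbound mail, the authenticated-only variant is the one that fits this layout.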