Postfix version: 3.1.1 Hello List!
We have a customer with a setup of enforcing a match between account FROM address and sasl username. With the following this works as expected... smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = yes smtpd_sender_login_maps = proxy:ldap:/opt/zimbra/conf/ldap-slm.cf smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re Now our customer has subscribed to Shopify, which apparently sends messages using the customer's email address as the FROM address. Which results in a rejection with a 553 5.7.1 Sender address rejected: not logged in. <log snip> Oct 6 13:16:58 mail postfix/smtpd[3285]: connect from smtp.shopify.com[35.225.139.175] Oct 6 13:16:58 mail postfix/smtpd[3285]: NOQUEUE: reject: RCPT from smtp.shopify.com[35.225.139.175]: 553 5.7.1 <rk...@xxxxxxx.com>: Sender address rejected: not logged in; from=<rk...@xxxxxxx.com> to=<rk...@xxxxxxx.com> proto=ESMTP helo=<smtp.shopify.com> </log snip> I've had limited success using check_sender_access using FROM addresses, but it doesn't use IP's only MAIL FROM addresses. My questions is, is it possible to whitelist the IP's from Shopify with this config? The customer would prefer to use IP Whitelisting. Best Regards, -- Rick King
