Demi M. Obenour:
> On 10/6/20 4:23 PM, Wietse Venema wrote:
> > Demi M. Obenour:
> >> On 10/6/20 12:46 PM, Wietse Venema wrote:
> >>> For me, 'not found' also includes the case that the user is not found
> >>> in the passwd file.
> >>
> >> By "allow 'not found' users", do you mean that such users will
> >> automatically be granted access, or that they will still be looked up
> >> (perhaps by numeric UID) in local_sender_login_maps?
> >
> > Postfix sendmail looks up the username only if no sender was specified
> > with -f, and terminates if the username cannot be found. That behavior
> > should not change by default.
>
> That's fine.
>
> > If the feature is turned on then there should probably be a
> > default action for users not listed in the table (deny or allow).
> > It's not going to be pretty when only the numerical UID is available
> > (a 1:1 mapping username->sender would not make sense).
>
> What about defaulting to allow if local_sender_login_maps has its
> default value, and deny otherwise? That keeps the current default
> behavior, while still allowing administrators to lock it down.

The action (deny) for unmatched users should not depend on the
(non-empty) local_sender_login_maps value.

	Wietse