Demi M. Obenour:
> On 10/8/20 8:25 AM, Wietse Venema wrote:
> > Demi M. Obenour:
> >> On 10/6/20 4:23 PM, Wietse Venema wrote:
> >>> If the feature is turned on then there should probably be a
> >>> default action for users not listed in the table (deny or allow).
> >>> Its not going to be pretty when only the numerical UID is avaialble
> >>> (a 1:1 mapping username->sender would not make sense).
> >>
> >> What about defaulting to allow if local_sender_login_maps has its
> >> default value, and deny otherwise? That keeps the current default
> >> behavior, while still allowing administrators to lock it down.
> >
> > The action (deny) for unmatched users should not depend on the
> > (non-empty) local_sender_login_maps value.
>
> Should this be a configuration option?
It is not needed. If someone wants unmatched users to allow all,
just say so:
local_sender_login_maps = <real login->address map> static:*
This still enforces the allowed email addressesfor users that have
an entry.
If local_sender_login_maps is turned on, indexing with "#" plus the
UID as a string would do the job. It is not like users can arbitrarily
remove their login name from the password file.
Wietse
