Hello,

Right now we use reject_sender_login_mismatch to reject external mail claiming to be from an address we host, which has worked pretty well, but it does catch some externally forwarded email which I would like to improve.

So the scenario is a user on our system u...@us.tld sends to an external domain ot...@external.tld, and ot...@external.tld forwards to another of our users, ot...@us.tld; we reject the message:

    553 5.7.1 <u...@us.tld>: Sender address rejected: not logged in

When the message was originally sent it would have been DKIM signed, so assuming it is handled well at external.tld, the signature should be available.

Maybe there is a solution I am overlooking, but ideally I would like to apply some sender restrictions prior to DATA, then verify the DKIM signature (via a milter), and if there is no valid DKIM signature, apply some more sender restrictions (including reject_sender_login_mismatch).

I don't see any way to do this currently, correct? You can insert policy filter checks in the middle of smtpd_sender_restrictions, but you can't insert a milter check. So I would be looking at writing my own milter to duplicate the reject_sender_login_mismatch tests, and run that after the first milter which checks DKIM?

Thanks,
Jesse

--
Jesse Norell
Kentec Communications, Inc.
970-522-8107 - www.kci.net
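
The decision the post describes (apply the login-mismatch test only when no valid DKIM signature from the sender's own domain is present), sketched as an added example that is not part of the original post and is not Postfix or milter code. The map contents, the addresses, the `mx.us.tld` authserv-id and the choice to read the DKIM result from an Authentication-Results header are all constructed assumptions.

```python
import re

# Constructed stand-ins: smtpd_sender_login_maps and our own verifier's authserv-id.
SENDER_LOGIN_MAP = {"user@us.tld": {"user"}, "other@us.tld": {"other"}}
TRUSTED_AUTHSERV_ID = "mx.us.tld"

def login_mismatch(sender, sasl_login):
    """The documented reject_sender_login_mismatch rule."""
    owners = SENDER_LOGIN_MAP.get(sender.lower())
    if sasl_login is None:
        return owners is not None  # address has an owner, client not logged in
    return owners is None or sasl_login not in owners  # logged in, not the owner

def dkim_pass_domains(auth_results):
    """d= domains reported dkim=pass, only if our own verifier wrote the header."""
    parts = auth_results.split(";")
    head = parts[0].split()
    if not head or head[0].lower() != TRUSTED_AUTHSERV_ID:
        return set()  # a header added upstream proves nothing
    found = set()
    for part in parts[1:]:
        m = re.search(r"(?<![\w-])dkim=pass\b.*?\bheader\.d=([\w.-]+)",
                      part, re.I | re.S)
        if m:
            found.add(m.group(1).lower())
    return found

def decide(sender, sasl_login, auth_results):
    """Return 'accept' or 'reject' for one message, evaluated after DATA."""
    if not login_mismatch(sender, sasl_login):
        return "accept"
    domain = sender.rsplit("@", 1)[-1].lower()
    # Forwarded copy of our own mail: unauthenticated client, but the
    # signature applied by the sender's domain still verifies.
    if sasl_login is None and domain in dkim_pass_domains(auth_results):
        return "accept"
    return "reject"

if __name__ == "__main__":
    forwarded = "mx.us.tld; dkim=pass header.d=us.tld header.s=sel"
    print(decide("user@us.tld", None, forwarded))
    print(decide("user@us.tld", None, "mx.us.tld; dkim=fail header.d=us.tld"))
```

The DKIM exception is limited to unauthenticated clients, so a logged-in user still cannot send as an address owned by someone else.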