El 4/5/22 a las 12:27, Matus UHLAR - fantomas escribió:
On 04.05.22 10:50, Víctor Rubiella Monfort wrote:
I'm working on a map for restrict MAIL_FROM declared on mail based on
sasl user authenticated.
For example if we want that all accounts for domain @domain1.com can
define MAIL_FROM @domain1.com and @domain2.co accounts:
@domain1.com accou...@domain1.com accou...@domain2.com
accou...@domain2.com accou...@domain2.com
@domain2.com accou...@domain1.com accou...@domain2.com
accou...@domain2.com accou...@domain2.com
I store this on map file and add this configuration on postfix:
smtpd_sender_login_maps: hash:/etc/postfix/sender_restrictions_map
smtpd_sender_restrictions
.....*
reject_sender_login_mismatch*
This seems works fine, but is incremental complexity of this map when
we add several domains and this domain has several accounts, for
example if we add 4 domains with 20, 30 o 50 accounts each one.
There are any way to do something like this:
@domain1.com @domain1.com,@domain2.com,@domain3.com
@domain2.com @domain1.com,@domain2.com,@domain3.com
@domain3.com @domain1.com,@domain2.com,@domain3.com
The final purpose is restrict domains can be used on MAIL_FROM, based
on domain used on SASL account. Without consider each account.
If you want to allow all accounts to specify all addresses in
@domain1.com and @domain2.com, why to specify them at all?
Not specifying @domain1.com and @domain2.com should not restrict
sending mail from those domains at all.
for unauthenticated clients, you can deny mail from: using
check_sender_access.
So, because not all domains can use all domains :D, this should be more
clarify sample
@domain1.com @domain1.com,@domain2.com,@domain3.com
@domain2.com @domain1.com,@domain2.com,@domain3.com
@domain3.com @domain1.com,@domain2.com,@domain3.com
@domain4.com @domain4.com,@domain5.com
@domain5.com @domain4.com,@domain5.com
