- Message from Wietse Venema -
Date: Sat, 31 Jul 2021 09:45:00 -0400 (EDT)
From: Wietse Venema
Reply-To: Postfix users
Subject: Re: reject_sender_login_mismatch
To: Postfix users
Simon Wilson:
A quick query on?smtpd_sender_login_maps format.
I have this working
Simon Wilson:
> A quick query on?smtpd_sender_login_maps format.
>
> I have this working well on port 587 to ensure that specified
> SASL-authenticated users only can send emails from their owned email
> addresses.
>
> So I have in a file 'controlled_envelope_senders' this, as an example:
>
- Message from tobi -
Date: Sat, 31 Jul 2021 06:49:48 +
From: tobi
Subject: Re: reject_sender_login_mismatch
To: postfix-users@postfix.org
you could add a sender access map in your relay config which rejects
those domains. Place it before your sender login maps
you could add a sender access map in your relay config which rejects those
domains. Place it before your sender login maps
Am 31. Juli 2021 06:06:17 UTC schrieb Simon Wilson :
>A quick query on smtpd_sender_login_maps format.
>
>I have this working well on port 587 to ensure that specified
>SA
?ngel L. Mateo:
> Hi,
>
> I have configured my postfix with the reject_sender_login_mismatch
> option in the smtpd_sender_restrictions.
>
> With this configuration, when a ussage wants to send an email with an
> unauthorized sender it gets a reject message like:
>
> 553 5.7.1 : Sen
On 7 Jun 2018, at 12:07, Marek Kozlowski wrote:
:-)
I have all users in an LDAP database and store users' aliases,
virtuals, canonicals, forwards etc as attributes. For that purpose
using the `reject_sender_login_mismatch' seems to be a simple and
powerful solution for increasing security an
>
> Specify, for example:
>
> smtpd_sender_login_maps = hash:/etc/postfix/sasl_senders,
>pcre:/etc/postfix/sasl_default_senders
>
> Where the contents of sasl_default_senders is, for example:
>
> root# cat sasl_default_senders
> /^(.*)@domain$/ $1
>
> Which restrict
On 07/01/2016 01:19 PM, Michael Fox wrote:
I’m confused about how the reject_sender_login_mismatch restriction works.
I can understand the value of this mapping if you want to allow a given
SASL login to use multiple MAIL FROM addresses. But is there a way to
require that the MAIL FROM address
:-)
>> My postfix hostname is `mail.my.domain'.
>>
>> DNS settings result in redirecting not only mail to
>> `some...@mail.my.domain' but also mail addressed to:
>> `sm...@programmers.my.domain', `jo...@office.my.domain', etc to this host.
>>
>> `virtual_alias_maps' allow resolving:
>> sm...@progra
Marek Kozlowski:
> :-)
>
> My postfix hostname is `mail.my.domain'.
>
> DNS settings result in redirecting not only mail to
> `some...@mail.my.domain' but also mail addressed to:
> `sm...@programmers.my.domain', `jo...@office.my.domain', etc to this host.
>
> `virtual_alias_maps' allow resolving
> Perhaps you can use reject_authenticated_sender_login_mismatch instead.
> http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
Yeah! Thanks Jones :-)
Solved!
Pol
On 11/16/2013 12:44 PM, Pol Hallen wrote:
> Hi all :-) I configurated postfix to check if a client is within the
>
> smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps
>
> with sasl sender authentication, and:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
>
and where is the complete log of the message you are speaking
about in your initial post? you are long enough here to know
how debugging works and how it can't work
> mydestination = fuckaround
what's that?
this is not a domain
Am 16.11.2013 19:54, schrieb Pol Hallen:
> alias_database = hash:/et
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 10s
anvil_status_update_time = 120s
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 10m
disable_vrfy_command = yes
helpful_warnings = yes
h
Am 16.11.2013 19:44, schrieb Pol Hallen:
> Hi all :-) I configurated postfix to check if a client is within the
>
> smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps
>
> with sasl sender authentication, and:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
>
Le 16/09/2013 18:43, Viktor Dukhovni a écrit :
On Mon, Sep 16, 2013 at 11:24:12AM -0400, Wietse Venema wrote:
So I think putting "sender" first and indicating that *only*
listed senders are in scope makes sense:
reject_restricted_sender_wrong_login
this should likely automatically imp
On Mon, Sep 16, 2013 at 11:24:12AM -0400, Wietse Venema wrote:
> > So I think putting "sender" first and indicating that *only*
> > listed senders are in scope makes sense:
> >
> > reject_restricted_sender_wrong_login
> >
> > this should likely automatically imply reject_unauth_sender_login_
On Mon, Sep 16, 2013 at 10:19:14AM -0400, Wietse Venema wrote:
> > Perhaps:
> >
> > reject_restricted_sender_misuse
> >
> > Patch below, potentially subject to replacement of the above name with
> > something more obvious.
>
> Bah, you solved the easy part of the problem :-)
Yes, I know.
Viktor Dukhovni:
> So I think putting "sender" first and indicating that *only*
> listed senders are in scope makes sense:
>
> reject_restricted_sender_wrong_login
>
> this should likely automatically imply reject_unauth_sender_login_mismatch
> (to protect said restricted sender addresses f
Viktor Dukhovni:
> On Mon, Sep 16, 2013 at 08:35:16AM -0400, Wietse Venema wrote:
>
> > If you want to reject authenticated sender/login mis-matches only
> > for sender addresses in $smtpd_sender_login_maps, then that would
> > have to be a completely different feature, with a clear name, and
> >
On Mon, Sep 16, 2013 at 08:35:16AM -0400, Wietse Venema wrote:
> If you want to reject authenticated sender/login mis-matches only
> for sender addresses in $smtpd_sender_login_maps, then that would
> have to be a completely different feature, with a clear name, and
> with clearly defined semantic
Le 16/09/2013 14:35, Wietse Venema a écrit :
Emmanuel Fust?:
But in either case, I want to accept the email if the envelope address
is not in the map.
Given that "reject_sender_login_mismatch" is implemented internally
as an alias for "reject_authenticated_sender_login_mismatch,
reject_unauthen
Emmanuel Fust?:
> But in either case, I want to accept the email if the envelope address
> is not in the map.
Given that "reject_sender_login_mismatch" is implemented internally
as an alias for "reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch", the defini
Le 16/09/2013 12:41, Wietse Venema a écrit :
Emmanuel Fust?:
Hello,
I did not find a way to "emulate" the behavior of
reject_sender_login_mismatch for authenticated connexions as for
unauthenticated connexions.
reject_authenticated_sender_login_mismatch
Enforces the reject_sender_log
Emmanuel Fust?:
> Hello,
>
> I did not find a way to "emulate" the behavior of
> reject_sender_login_mismatch for authenticated connexions as for
> unauthenticated connexions.
reject_authenticated_sender_login_mismatch
Enforces the reject_sender_login_mismatch restriction for
/dev/rob0 a écrit :
> On Saturday 01 August 2009 10:15:08 johnea wrote:
>> The postfix documentation regarding reject_sender_login_mismatch:
>>
>> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
>> or maybe in here:
>> http://www.postfix.org/SMTPD_ACCESS_README.html
>>
>> Specif
On Saturday 01 August 2009 10:15:08 johnea wrote:
> The postfix documentation regarding reject_sender_login_mismatch:
>
> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
> or maybe in here:
> http://www.postfix.org/SMTPD_ACCESS_README.html
>
> Specifically the reject_authenticat
On Mon, Jun 08, 2009 at 02:31:06PM +0200, Florian Wagner wrote:
> I'm currently playing around with client certificates in postfix.
>
> Is there any way do do something similar to reject_sender_login_mismatch
> with certificate authentication? A table to map from certificate
> fingerprints to all
Florian Wagner schrieb:
> Hi,
>
> I'm currently playing around with client certificates in postfix.
>
> Is there any way do do something similar to reject_sender_login_mismatch
> with certificate authentication? A table to map from certificate
> fingerprints to allowed addresses?
>
postfwd (a p
Robert Schetterer schrieb:
> Hi @ll,
> i have a relay for exchange
> which is configured with reject_sender_login_mismatch
> with accounts allowed to send out for configured domains
> at last a infected host generated a faked sender
> which was rejected with not owned by user
> unfourtunally the bo
On Wed, Mar 18, 2009 at 10:29:19AM +0900, Alberto Lepe wrote:
> If I understand correctly the Postfix manual,
>
> "reject_sender_login_mismatch"
>
> is equivalent of adding these 2 rules instead:
>
> "reject_unauthenticated_sender_login_mismatch"
> "reject_authenticated_sender_l
On Wed, 18 Mar 2009, Alberto Lepe wrote:
> If I understand correctly the Postfix manual,
>
> "reject_sender_login_mismatch"
>
> is equivalent of adding these 2 rules instead:
>
> "reject_unauthenticated_sender_login_mismatch"
> "reject_authenticated_sender_login_mismatch"
>
> r
32 matches
Mail list logo
