Re: restricting outbound e-mail to be from the authenticated user only
>> in the setup you did, users can send as ***@....Still a disconnect compared to what I am seeing. When I re-configure my
>>> All good no?
>>> Your final warning: "it won't prevent internal users from using an
>>> external sender address" -- define internal user? Those in my virtual
>>> table, or local Unix users? If the latter, I have none. As for "external
>>> sender address", are you referring to the envelope field, the Reply-to:
>>> field, or the From: field? If either of the latter two, yes we agreed
>>> earlier in the threat that that would have to be done with a cleanup
>> a virtual user authenticates as joe@... (which is his SASL
>> login) but sends as someone@... (where external.example may be
>> yahoo.com, hotmail.com, ... etc). I am talking about envelope sender here.
MUA to use 'somebody@...' as the Sender to send to
anyone@..., and SASL authenticate as authuser@... to
the submission port, Postfix replies:
"An error occurred while sending mail. The mail server responded: 5.7.1
<somebody@...>: Sender address rejected: not owned by user
authuser@.... Please check the message recipient
anyone@... and try again."
This is without the additional check_sender_access you describe as needed.
As quick re-cap, I have:
smtp.example.com:smtps inet n - n - - smtpd
Is there some other part of the config I haven't discussed and need to, that is making this work already for me?