Loading ...
Sorry, an error occurred while loading the content.
 

Re: restricting outbound e-mail to be from the authenticated user only

Expand Messages
  • Daniel Bromberg
    ... Still a disconnect compared to what I am seeing. When I re-configure my MUA to use somebody@yahoo.com as the Sender to send to anyone@anywhere.com, and
    Message 1 of 17 , Feb 1, 2011
      >> in the setup you did, users can send as ***@....
      >>
      >>
      >>> All good no?
      >>>
      >>> Your final warning: "it won't prevent internal users from using an
      >>> external sender address" -- define internal user? Those in my virtual
      >>> table, or local Unix users? If the latter, I have none. As for "external
      >>> sender address", are you referring to the envelope field, the Reply-to:
      >>> field, or the From: field? If either of the latter two, yes we agreed
      >>> earlier in the threat that that would have to be done with a cleanup
      >>> filter.
      >>>
      >>> Clarify?
      >> a virtual user authenticates as joe@... (which is his SASL
      >> login) but sends as someone@... (where external.example may be
      >> yahoo.com, hotmail.com, ... etc). I am talking about envelope sender here.

      Still a disconnect compared to what I am seeing. When I re-configure my
      MUA to use 'somebody@...' as the Sender to send to
      anyone@..., and SASL authenticate as authuser@... to
      the submission port, Postfix replies:

      "An error occurred while sending mail. The mail server responded: 5.7.1
      <somebody@...>: Sender address rejected: not owned by user
      authuser@.... Please check the message recipient
      anyone@... and try again."

      This is without the additional check_sender_access you describe as needed.
      As quick re-cap, I have:

      submission_client_restrictions =
      reject_sender_login_mismatch,
      permit_sasl_authenticated,
      reject

      AND:

      smtp.example.com:smtps inet n - n - - smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=$submission_client_restrictions
      -o syslog_name=postfix-submission

      Is there some other part of the config I haven't discussed and need to, that is making this work already for me?

      -Daniel
    Your message has been successfully submitted and would be delivered to recipients shortly.