Loading ...
Sorry, an error occurred while loading the content.

reject_sender_login_mismatch behavior

Expand Messages
  • Emmanuel Fusté
    Hello, I did not find a way to emulate the behavior of reject_sender_login_mismatch for authenticated connexions as for unauthenticated connexions. I need
    Message 1 of 11 , Sep 16, 2013
    • 0 Attachment
      Hello,

      I did not find a way to "emulate" the behavior of
      reject_sender_login_mismatch for authenticated connexions as for
      unauthenticated connexions.
      I need that as in the unauthenticated case, if the envelope sender is
      not in the smtpd_sender_login_maps maps, the request is accepted.
      Is there any way to get this behavior ?
      If no, is something like reject_sender_login_mismatch_relaxed and
      reject_authenticated_sender_login_mismatch_relaxed could be added on a
      "todo list" ?

      Thanks,
      Emmanuel.
    • Wietse Venema
      ... reject_authenticated_sender_login_mismatch Enforces the reject_sender_login_mismatch restriction for authenticated clients only. This feature is
      Message 2 of 11 , Sep 16, 2013
      • 0 Attachment
        Emmanuel Fust?:
        > Hello,
        >
        > I did not find a way to "emulate" the behavior of
        > reject_sender_login_mismatch for authenticated connexions as for
        > unauthenticated connexions.

        reject_authenticated_sender_login_mismatch
        Enforces the reject_sender_login_mismatch restriction for
        authenticated clients only. This feature is available in Postfix
        version 2.1 and later.

        reject_unauthenticated_sender_login_mismatch
        Enforces the reject_sender_login_mismatch restriction for unau-
        thenticated clients only. This feature is available in Postfix
        version 2.1 and later.


        Wietse
      • Emmanuel Fusté
        ... Sorry, I think I was not clear. With reject_sender_login_mismatch : - In the case of unauthenticated connexions, if the envelope sender address is not in
        Message 3 of 11 , Sep 16, 2013
        • 0 Attachment
          Le 16/09/2013 12:41, Wietse Venema a écrit :
          > Emmanuel Fust?:
          >> Hello,
          >>
          >> I did not find a way to "emulate" the behavior of
          >> reject_sender_login_mismatch for authenticated connexions as for
          >> unauthenticated connexions.
          > reject_authenticated_sender_login_mismatch
          > Enforces the reject_sender_login_mismatch restriction for
          > authenticated clients only. This feature is available in Postfix
          > version 2.1 and later.
          >
          > reject_unauthenticated_sender_login_mismatch
          > Enforces the reject_sender_login_mismatch restriction for unau-
          > thenticated clients only. This feature is available in Postfix
          > version 2.1 and later.
          >
          >
          > Wietse
          Sorry, I think I was not clear.
          With reject_sender_login_mismatch :
          - In the case of unauthenticated connexions, if the envelope sender
          address is not in the map (no know SASL owner), the mail is accepted.
          - In the case of authenticated connexions, if the envelope sender
          address is not in the map (no know SASL owner), the mail is rejected.

          I want to reject the mail for authenticated and unauthenticated
          connexions if a SASL owner for the envelope sender address is know and
          in the case of an authenticated connexion does not match.
          reject_sender_login_mismatch is good for that.
          But in either case, I want to accept the email if the envelope address
          is not in the map. With the described behavior of
          reject_sender_login_mismatch (which is in conformance with the
          documentation), it is not the case.

          Are you saying that instead of using "reject_sender_login_mismatch",
          using "reject_authenticated_sender_login_mismatch,
          reject_unauthenticated_sender_login_mismatch" will give me what I want ?

          Thank you,
          Emmanuel.
        • Wietse Venema
          ... Given that reject_sender_login_mismatch is implemented internally as an alias for reject_authenticated_sender_login_mismatch,
          Message 4 of 11 , Sep 16, 2013
          • 0 Attachment
            Emmanuel Fust?:
            > But in either case, I want to accept the email if the envelope address
            > is not in the map.

            Given that "reject_sender_login_mismatch" is implemented internally
            as an alias for "reject_authenticated_sender_login_mismatch,
            reject_unauthenticated_sender_login_mismatch", the definitions can
            be rewritten as:

            reject_unauthenticated_sender_login_mismatch
            Reject the request when $smtpd_sender_login_maps specifies
            an owner for the MAIL FROM address, but the client is not
            (SASL) logged in as that MAIL FROM address owner

            The above becomes a NOOP when the sender addresses is not listed in
            $smtpd_sender_login_maps.

            reject_authenticated_sender_login_mismatch
            Reject the request when the client is (SASL) logged in, but
            the client login name doesn't own the MAIL FROM address
            according to $smtpd_sender_login_maps.

            The above will reject mail when the sender addresses is not listed
            in $smtpd_sender_login_maps. It forces authenticated users to use
            their proper sender address.

            If you want to reject authenticated sender/login mis-matches only
            for sender addresses in $smtpd_sender_login_maps, then that would
            have to be a completely different feature, with a clear name, and
            with clearly defined semantics.

            reject_something_here_that_doesnt_confuse_the_hell_out_of_real_humans
            Reject the request when the client is (SASL) logged in, but
            the MAIL FROM address is owned by a different client login
            name according to $smtpd_sender_login_maps.

            The above would will reject mail only when the sender address is
            owned by a different customer.

            Wietse
          • Emmanuel Fusté
            ... Thank you for the detailed explanation. This is exactly how I understood how it work. So I need this new completely different feature. Is it something that
            Message 5 of 11 , Sep 16, 2013
            • 0 Attachment
              Le 16/09/2013 14:35, Wietse Venema a écrit :
              > Emmanuel Fust?:
              >> But in either case, I want to accept the email if the envelope address
              >> is not in the map.
              > Given that "reject_sender_login_mismatch" is implemented internally
              > as an alias for "reject_authenticated_sender_login_mismatch,
              > reject_unauthenticated_sender_login_mismatch", the definitions can
              > be rewritten as:
              >
              > reject_unauthenticated_sender_login_mismatch
              > Reject the request when $smtpd_sender_login_maps specifies
              > an owner for the MAIL FROM address, but the client is not
              > (SASL) logged in as that MAIL FROM address owner
              >
              > The above becomes a NOOP when the sender addresses is not listed in
              > $smtpd_sender_login_maps.
              >
              > reject_authenticated_sender_login_mismatch
              > Reject the request when the client is (SASL) logged in, but
              > the client login name doesn't own the MAIL FROM address
              > according to $smtpd_sender_login_maps.
              >
              > The above will reject mail when the sender addresses is not listed
              > in $smtpd_sender_login_maps. It forces authenticated users to use
              > their proper sender address.
              >
              > If you want to reject authenticated sender/login mis-matches only
              > for sender addresses in $smtpd_sender_login_maps, then that would
              > have to be a completely different feature, with a clear name, and
              > with clearly defined semantics.
              >
              > reject_something_here_that_doesnt_confuse_the_hell_out_of_real_humans
              > Reject the request when the client is (SASL) logged in, but
              > the MAIL FROM address is owned by a different client login
              > name according to $smtpd_sender_login_maps.
              >
              > The above would will reject mail only when the sender address is
              > owned by a different customer.
              >
              > Wietse
              Thank you for the detailed explanation.
              This is exactly how I understood how it work.
              So I need this new completely different feature.

              Is it something that could be added to the postfix todo list ?
              I know that your resources to devellop Postfix is limited. I will try to
              implement it myself and propose a patch, but I'm not sure I have the
              skills to do so.

              Emmanuel.
            • Viktor Dukhovni
              ... Perhaps: reject_restricted_sender_misuse Patch below, potentially subject to replacement of the above name with something more obvious. -- Viktor. ...
              Message 6 of 11 , Sep 16, 2013
              • 0 Attachment
                On Mon, Sep 16, 2013 at 08:35:16AM -0400, Wietse Venema wrote:

                > If you want to reject authenticated sender/login mis-matches only
                > for sender addresses in $smtpd_sender_login_maps, then that would
                > have to be a completely different feature, with a clear name, and
                > with clearly defined semantics.
                >
                > reject_something_here_that_doesnt_confuse_the_hell_out_of_real_humans
                > Reject the request when the client is (SASL) logged in, but
                > the MAIL FROM address is owned by a different client login
                > name according to $smtpd_sender_login_maps.

                Perhaps:

                reject_restricted_sender_misuse

                Patch below, potentially subject to replacement of the above name with
                something more obvious.

                --
                Viktor.

                ---
                mantools/postlink | 1 +
                proto/SASL_README.html | 3 ++-
                proto/postconf.proto | 7 +++++++
                src/global/mail_params.h | 2 ++
                src/smtpd/smtpd_check.c | 15 ++++++++++++---
                5 files changed, 24 insertions(+), 4 deletions(-)

                diff --git a/mantools/postlink b/mantools/postlink
                index 6da58ae..74838b1 100755
                --- a/mantools/postlink
                +++ b/mantools/postlink
                @@ -898,6 +898,7 @@ while (<>) {
                s;\bcheck_sender_ns_access\b;<a href="postconf.5.html#check_sender_ns_access">$&</a>;g;
                s;\b(reject_authenti)([-</bB>]*\n*[ <bB>]*)(cated_sender_login_mismatch)\b;<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">$1<\/a>$2<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">$3</a>;g;
                s;\breject_non_fqdn_sender\b;<a href="postconf.5.html#reject_non_fqdn_sender">$&</a>;g;
                + s;\breject_restricted_sender_misuse\b;<a href="postconf.5.html#reject_restricted_sender_misuse">$&</a>;g;
                s;\breject_rhsbl_sender\b;<a href="postconf.5.html#reject_rhsbl_sender">$&</a>;g;
                s;\breject_sender_login_mis[-</bB>]*\n*[ <bB>]*match\b;<a href="postconf.5.html#reject_sender_login_mismatch">$&</a>;g;
                s;\breject_unauthenticated_sender_login_mismatch\b;<a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">$&</a>;g;
                diff --git a/proto/SASL_README.html b/proto/SASL_README.html
                index 49e7fb7..c7134b4 100644
                --- a/proto/SASL_README.html
                +++ b/proto/SASL_README.html
                @@ -1450,7 +1450,8 @@ restriction above will reject the sender address in the MAIL FROM
                command if <code>smtpd_sender_login_maps</code> does not specify
                the SMTP client's login name as an owner of that address. </p>

                -<p> See also <code>reject_authenticated_sender_login_mismatch</code> and
                +<p> See also <code>reject_authenticated_sender_login_mismatch</code>,
                +<code>reject_restricted_sender_misuse</code>, and
                <code>reject_unauthenticated_sender_login_mismatch</code> for additional
                control over the SASL login name and the envelope sender. </p>

                diff --git a/proto/postconf.proto b/proto/postconf.proto
                index c4b6c53..bc70e1f 100644
                --- a/proto/postconf.proto
                +++ b/proto/postconf.proto
                @@ -6299,6 +6299,13 @@ fully-qualified domain form, as required by the RFC. <br> The
                non_fqdn_reject_code parameter specifies the response code for
                rejected requests (default: 504). </dd>

                +<dt><b><a name="reject_restricted_sender_misuse">reject_restricted_sender_misuse</a></b></dt>
                +
                +<dd>Reject the request when the client is (SASL) logged in, but the
                +MAIL FROM address is owned by a different client login name according
                +to $smtpd_sender_login_maps. This feature is available in
                +Postfix version 2.11 and later. </dd>
                +
                <dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>

                <dd>Reject the request when the MAIL FROM domain is listed with
                diff --git a/src/global/mail_params.h b/src/global/mail_params.h
                index 93d2c35..a3dadaa 100644
                --- a/src/global/mail_params.h
                +++ b/src/global/mail_params.h
                @@ -1591,6 +1591,8 @@ extern char *var_smtpd_snd_auth_maps;
                #define REJECT_SENDER_LOGIN_MISMATCH "reject_sender_login_mismatch"
                #define REJECT_AUTH_SENDER_LOGIN_MISMATCH \
                "reject_authenticated_sender_login_mismatch"
                +#define REJECT_RESTRICTED_SENDER_MISUSE \
                + "reject_restricted_sender_misuse"
                #define REJECT_UNAUTH_SENDER_LOGIN_MISMATCH \
                "reject_unauthenticated_sender_login_mismatch"

                diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c
                index a27dc70..343f41a 100644
                --- a/src/smtpd/smtpd_check.c
                +++ b/src/smtpd/smtpd_check.c
                @@ -3461,7 +3461,7 @@ static int reject_maps_rbl(SMTPD_STATE *state)

                /* reject_auth_sender_login_mismatch - logged in client must own sender address */

                -static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sender)
                +static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sender, int allow_unowned)
                {
                const RESOLVE_REPLY *reply;
                const char *owners;
                @@ -3487,7 +3487,8 @@ static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sen
                }
                }
                myfree(saved_owners);
                - }
                + } else if (allow_unowned)
                + return (SMTPD_CHECK_DUNNO);
                if (!found)
                return (smtpd_check_reject(state, MAIL_ERROR_POLICY, 553, "5.7.1",
                "<%s>: Sender address rejected: not owned by user %s",
                @@ -4017,7 +4018,15 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
                #ifdef USE_SASL_AUTH
                if (var_smtpd_sasl_enable) {
                if (state->sender && *state->sender)
                - status = reject_auth_sender_login_mismatch(state, state->sender);
                + status = reject_auth_sender_login_mismatch(state, state->sender, 0);
                + } else
                +#endif
                + msg_warn("restriction `%s' ignored: no SASL support", name);
                + } else if (strcasecmp(name, REJECT_RESTRICTED_SENDER_MISUSE) == 0) {
                +#ifdef USE_SASL_AUTH
                + if (var_smtpd_sasl_enable) {
                + if (state->sender && *state->sender)
                + status = reject_auth_sender_login_mismatch(state, state->sender, 1);
                } else
                #endif
                msg_warn("restriction `%s' ignored: no SASL support", name);
                --
                1.7.9.6 (Apple Git-31.1)
              • Wietse Venema
                ... Bah, you solved the easy part of the problem :-) I would expect a feature name that contains the following: reject This feature will reject a request or do
                Message 7 of 11 , Sep 16, 2013
                • 0 Attachment
                  Viktor Dukhovni:
                  > On Mon, Sep 16, 2013 at 08:35:16AM -0400, Wietse Venema wrote:
                  >
                  > > If you want to reject authenticated sender/login mis-matches only
                  > > for sender addresses in $smtpd_sender_login_maps, then that would
                  > > have to be a completely different feature, with a clear name, and
                  > > with clearly defined semantics.
                  > >
                  > > reject_something_here_that_doesnt_confuse_the_hell_out_of_real_humans
                  > > Reject the request when the client is (SASL) logged in, but
                  > > the MAIL FROM address is owned by a different client login
                  > > name according to $smtpd_sender_login_maps.
                  >
                  > Perhaps:
                  >
                  > reject_restricted_sender_misuse
                  >
                  > Patch below, potentially subject to replacement of the above name with
                  > something more obvious.

                  Bah, you solved the easy part of the problem :-)

                  I would expect a feature name that contains the following:

                  reject
                  This feature will reject a request or do nothing.

                  authenticated
                  This feature applies to (SASL) authenticated clients.

                  sender_login_maps
                  This feature queries the smtpd_sender_login_maps table.

                  XXX
                  The MAIL FROM address has an owner, but the owner differs
                  from the authenticated client's login name.

                  What about "conflict"? It means we found an owner, but it was the
                  wrong one. The term "conflict" is more specific than "mismatch"
                  which also includes the case that we didn't find anything.

                  Wietse
                • Viktor Dukhovni
                  ... Yes, I know. The feature is small, just a couple of lines of code and related documentation updates. Indeed choosing a new name is the main problem.
                  Message 8 of 11 , Sep 16, 2013
                  • 0 Attachment
                    On Mon, Sep 16, 2013 at 10:19:14AM -0400, Wietse Venema wrote:

                    > > Perhaps:
                    > >
                    > > reject_restricted_sender_misuse
                    > >
                    > > Patch below, potentially subject to replacement of the above name with
                    > > something more obvious.
                    >
                    > Bah, you solved the easy part of the problem :-)

                    Yes, I know. The feature is small, just a couple of lines of code
                    and related documentation updates. Indeed choosing a new name is
                    the main problem. With either of:

                    reject_authenticated_sender_login_conflict
                    reject_authenticated_sender_login_maps_conflict

                    it is not clear to me why "conflict" allows unowned senders and
                    mistmatch does not. I think these are too similar to the name
                    of the existing features. My proposal focuses on the new task
                    of restricting selected sender addresses to designated authenticated
                    users, rather than restricting authenticated users to designated
                    addresses (be it via a table from addresses -> owners).

                    So I think putting "sender" first and indicating that *only*
                    listed senders are in scope makes sense:

                    reject_restricted_sender_wrong_login

                    this should likely automatically imply reject_unauth_sender_login_mismatch
                    (to protect said restricted sender addresses from misuse when the
                    client does not authenticate). (Thus a small change in the proposed code).

                    --
                    Viktor.
                  • Wietse Venema
                    ... I think the following introduces the least amount of confusion. reject_sender_login_mismatch [this definition does not change]
                    Message 9 of 11 , Sep 16, 2013
                    • 0 Attachment
                      Viktor Dukhovni:
                      > So I think putting "sender" first and indicating that *only*
                      > listed senders are in scope makes sense:
                      >
                      > reject_restricted_sender_wrong_login
                      >
                      > this should likely automatically imply reject_unauth_sender_login_mismatch
                      > (to protect said restricted sender addresses from misuse when the
                      > client does not authenticate). (Thus a small change in the proposed code).

                      I think the following introduces the least amount of confusion.

                      reject_sender_login_mismatch
                      [this definition does not change]

                      reject_authenticated_sender_login_mismatch
                      Apply the reject_sender_login_mismatch restriction
                      only to clients that are SASL-authenticated.

                      reject_unauthenticated_sender_login_mismatch
                      Apply the reject_sender_login_mismatch restriction
                      only to clients that are not SASL-authenticated.

                      reject_known_sender_login_mismatch
                      Apply the reject_sender_login_mismatch restriction only to
                      MAIL FROM addresses that are known in $smtpd_sender_login_maps.

                      Wietse
                    • Viktor Dukhovni
                      ... This works for me, and also sensibly applies to both authenticated and unauthenticated clients. -- Viktor. mantools/postlink | 1 +
                      Message 10 of 11 , Sep 16, 2013
                      • 0 Attachment
                        On Mon, Sep 16, 2013 at 11:24:12AM -0400, Wietse Venema wrote:

                        > > So I think putting "sender" first and indicating that *only*
                        > > listed senders are in scope makes sense:
                        > >
                        > > reject_restricted_sender_wrong_login
                        > >
                        > > this should likely automatically imply reject_unauth_sender_login_mismatch
                        > > (to protect said restricted sender addresses from misuse when the
                        > > client does not authenticate). (Thus a small change in the proposed code).
                        >
                        > I think the following introduces the least amount of confusion.
                        >
                        > reject_sender_login_mismatch
                        > [this definition does not change]
                        >
                        > reject_authenticated_sender_login_mismatch
                        > Apply the reject_sender_login_mismatch restriction
                        > only to clients that are SASL-authenticated.
                        >
                        > reject_unauthenticated_sender_login_mismatch
                        > Apply the reject_sender_login_mismatch restriction
                        > only to clients that are not SASL-authenticated.
                        >
                        > reject_known_sender_login_mismatch
                        > Apply the reject_sender_login_mismatch restriction only to
                        > MAIL FROM addresses that are known in $smtpd_sender_login_maps.

                        This works for me, and also sensibly applies to both authenticated
                        and unauthenticated clients.

                        --
                        Viktor.

                        mantools/postlink | 1 +
                        proto/SASL_README.html | 3 ++-
                        proto/postconf.proto | 6 ++++++
                        src/global/mail_params.h | 2 ++
                        src/smtpd/smtpd_check.c | 19 ++++++++++++++++---
                        5 files changed, 27 insertions(+), 4 deletions(-)

                        diff --git a/mantools/postlink b/mantools/postlink
                        index 6da58ae..f038fb6 100755
                        --- a/mantools/postlink
                        +++ b/mantools/postlink
                        @@ -897,6 +897,7 @@ while (<>) {
                        s;\bcheck_sender_mx_access\b;<a href="postconf.5.html#check_sender_mx_access">$&</a>;g;
                        s;\bcheck_sender_ns_access\b;<a href="postconf.5.html#check_sender_ns_access">$&</a>;g;
                        s;\b(reject_authenti)([-</bB>]*\n*[ <bB>]*)(cated_sender_login_mismatch)\b;<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">$1<\/a>$2<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">$3</a>;g;
                        + s;\breject_known_sender_login_mismatch\b;<a href="postconf.5.html#reject_known_sender_login_mismatch">$&</a>;g;
                        s;\breject_non_fqdn_sender\b;<a href="postconf.5.html#reject_non_fqdn_sender">$&</a>;g;
                        s;\breject_rhsbl_sender\b;<a href="postconf.5.html#reject_rhsbl_sender">$&</a>;g;
                        s;\breject_sender_login_mis[-</bB>]*\n*[ <bB>]*match\b;<a href="postconf.5.html#reject_sender_login_mismatch">$&</a>;g;
                        diff --git a/proto/SASL_README.html b/proto/SASL_README.html
                        index 49e7fb7..b9104e2 100644
                        --- a/proto/SASL_README.html
                        +++ b/proto/SASL_README.html
                        @@ -1450,7 +1450,8 @@ restriction above will reject the sender address in the MAIL FROM
                        command if <code>smtpd_sender_login_maps</code> does not specify
                        the SMTP client's login name as an owner of that address. </p>

                        -<p> See also <code>reject_authenticated_sender_login_mismatch</code> and
                        +<p> See also <code>reject_authenticated_sender_login_mismatch</code>,
                        +<code>reject_known_sender_login_mismatch</code>, and
                        <code>reject_unauthenticated_sender_login_mismatch</code> for additional
                        control over the SASL login name and the envelope sender. </p>

                        diff --git a/proto/postconf.proto b/proto/postconf.proto
                        index c4b6c53..d8c538d 100644
                        --- a/proto/postconf.proto
                        +++ b/proto/postconf.proto
                        @@ -6292,6 +6292,12 @@ feature is available in Postfix 2.1 and later. </dd>
                        authenticated clients only. This feature is available in
                        Postfix version 2.1 and later. </dd>

                        +<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
                        +
                        +<dd>Apply the reject_sender_login_mismatch restriction only to MAIL
                        +FROM addresses that are known in $smtpd_sender_login_maps. This
                        +feature is available in Postfix version 2.11 and later. </dd>
                        +
                        <dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>

                        <dd>Reject the request when the MAIL FROM address is not in
                        diff --git a/src/global/mail_params.h b/src/global/mail_params.h
                        index 93d2c35..871fcc5 100644
                        --- a/src/global/mail_params.h
                        +++ b/src/global/mail_params.h
                        @@ -1591,6 +1591,8 @@ extern char *var_smtpd_snd_auth_maps;
                        #define REJECT_SENDER_LOGIN_MISMATCH "reject_sender_login_mismatch"
                        #define REJECT_AUTH_SENDER_LOGIN_MISMATCH \
                        "reject_authenticated_sender_login_mismatch"
                        +#define REJECT_KNOWN_SENDER_LOGIN_MISMATCH \
                        + "reject_known_sender_login_mismatch"
                        #define REJECT_UNAUTH_SENDER_LOGIN_MISMATCH \
                        "reject_unauthenticated_sender_login_mismatch"

                        diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c
                        index a27dc70..d9f61cb 100644
                        --- a/src/smtpd/smtpd_check.c
                        +++ b/src/smtpd/smtpd_check.c
                        @@ -3461,7 +3461,7 @@ static int reject_maps_rbl(SMTPD_STATE *state)

                        /* reject_auth_sender_login_mismatch - logged in client must own sender address */

                        -static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sender)
                        +static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sender, int allow_unowned)
                        {
                        const RESOLVE_REPLY *reply;
                        const char *owners;
                        @@ -3487,7 +3487,8 @@ static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sen
                        }
                        }
                        myfree(saved_owners);
                        - }
                        + } else if (allow_unowned)
                        + return (SMTPD_CHECK_DUNNO);
                        if (!found)
                        return (smtpd_check_reject(state, MAIL_ERROR_POLICY, 553, "5.7.1",
                        "<%s>: Sender address rejected: not owned by user %s",
                        @@ -4017,7 +4018,19 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
                        #ifdef USE_SASL_AUTH
                        if (var_smtpd_sasl_enable) {
                        if (state->sender && *state->sender)
                        - status = reject_auth_sender_login_mismatch(state, state->sender);
                        + status = reject_auth_sender_login_mismatch(state, state->sender, 0);
                        + } else
                        +#endif
                        + msg_warn("restriction `%s' ignored: no SASL support", name);
                        + } else if (strcasecmp(name, REJECT_KNOWN_SENDER_LOGIN_MISMATCH) == 0) {
                        +#ifdef USE_SASL_AUTH
                        + if (var_smtpd_sasl_enable) {
                        + if (state->sender && *state->sender) {
                        + if (state->sasl_username)
                        + status = reject_auth_sender_login_mismatch(state, state->sender, 1);
                        + else
                        + status = reject_unauth_sender_login_mismatch(state, state->sender);
                        + }
                        } else
                        #endif
                        msg_warn("restriction `%s' ignored: no SASL support", name);
                      • Emmanuel Fusté
                        ... Woaouuuuu, I leave 24h and all is there. Viktor, Wietse, thank you !!!!! Emmanuel.
                        Message 11 of 11 , Sep 18, 2013
                        • 0 Attachment
                          Le 16/09/2013 18:43, Viktor Dukhovni a écrit :
                          > On Mon, Sep 16, 2013 at 11:24:12AM -0400, Wietse Venema wrote:
                          >
                          >>> So I think putting "sender" first and indicating that *only*
                          >>> listed senders are in scope makes sense:
                          >>>
                          >>> reject_restricted_sender_wrong_login
                          >>>
                          >>> this should likely automatically imply reject_unauth_sender_login_mismatch
                          >>> (to protect said restricted sender addresses from misuse when the
                          >>> client does not authenticate). (Thus a small change in the proposed code).
                          >> I think the following introduces the least amount of confusion.
                          >>
                          >> reject_sender_login_mismatch
                          >> [this definition does not change]
                          >>
                          >> reject_authenticated_sender_login_mismatch
                          >> Apply the reject_sender_login_mismatch restriction
                          >> only to clients that are SASL-authenticated.
                          >>
                          >> reject_unauthenticated_sender_login_mismatch
                          >> Apply the reject_sender_login_mismatch restriction
                          >> only to clients that are not SASL-authenticated.
                          >>
                          >> reject_known_sender_login_mismatch
                          >> Apply the reject_sender_login_mismatch restriction only to
                          >> MAIL FROM addresses that are known in $smtpd_sender_login_maps.
                          > This works for me, and also sensibly applies to both authenticated
                          > and unauthenticated clients.
                          >
                          Woaouuuuu, I leave 24h and all is there.
                          Viktor, Wietse, thank you !!!!!

                          Emmanuel.
                        Your message has been successfully submitted and would be delivered to recipients shortly.