Коньков Евгений a écrit :
> Hello, Postfix-users.
>
> 1. which option cause to warn:
> reject_unknown_sender_domain reject_sender_login_mismatch
> reject_unverified_sender
> ?
> It will be cleaner if:
> ... Sender address rejected by 'reject_sender_login_mismatch' ...
>
the three reject_* that yoi cited cause different rejection messages, so
there is no ambiguity once you know which says what.
> 2. and why it is warn if I am an authenticated user?
>
because you have
warn_if_reject reject_sender_login_mismatch
>
> Jan 27 00:40:05 kes postfix/smtpd[81143]: connect from unknown[10.10.16.18]
> Jan 27 00:40:05 kes dovecot: auth(default): client in: AUTH 1
> CRAM-MD5 service=smtp nologin
> Jan 27 00:40:05 kes dovecot: auth(default): client out: CONT 1
> PDc5NjIxMjAzODg4ODg1NjkuMTI2NDU0NTYwNUBrZXMubmV0LnVhPg==
> Jan 27 00:40:05 kes dovecot: auth(default): client in: CONT 1
> a2VzQGtlcy5uZXQudWEgOTU0NjcxZjA1YThkZTgxMzg3OWFlMDc4NGJhNTQyOWI=
> Jan 27 00:40:05 kes dovecot: auth(default): passwd-file(asdf): lookup:
> user=kes file=/usr/local/etc/postfix/users/asdf/mailboxes
> Jan 27 00:40:05 kes dovecot: auth(default): password(asdf): Credentials:
> 5ac863f0b34f7a3062b61ad8491ff1291fa1cc2ef57c3bed63c85348107694b1
> Jan 27 00:40:05 kes dovecot: auth(default): client out: OK 1 user=asdf
> Jan 27 00:40:05 kes postfix/smtpd[81143]: NOQUEUE: reject_warning:
> RCPT from unknown[10.10.16.18]: 553 5.7.1 <asdf>: Sender address rejected:
> not owned by user asdf;from=<asdf> to=<[email protected]> proto=ESMTP
> helo=<HOMEUSER>
> Jan 27 00:40:05 kes postfix/smtpd[81143]: 70ABC33C42:
> client=unknown[10.10.16.18], sasl_method=CRAM-MD5, sasl_username=asdf
>
> config file:
>
> smtpd_helo_required = yes
> smtpd_reject_unlisted_sender = yes
> #smtpd_helo_restrictions = reject_unknown_helo_hostname
> #smtpd_client_restrictions = permit_mynetworks, reject
> smtpd_sender_restrictions =
> warn_if_reject reject_unknown_sender_domain
> warn_if_reject reject_sender_login_mismatch
> warn_if_reject reject_unverified_sender
> smtpd_data_restrictions = reject_unauth_pipelining
>
>
>
> #smtpd_client_restrictions =
> # check_client_access hash:/usr/local/etc/postfix/access
>
> smtpd_recipient_restrictions =
> check_recipient_access hash:/usr/local/etc/postfix/access
put this elsewhere (such as under smtpd_sender_restrictions.. avoid
check_* before rject_unauth_destination, because an error will make you
relay mail that you wouldn't want to relay.
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> warn_if_reject reject_unknown_recipient_domain
> warn_if_reject reject_unverified_recipient
>
>
>