Hello, I have configured the default install of Postfix (version 2.5.5) on Apple OS X Server 10.6.3 (Darwin 10.3.0). Everything seems to run very well with the exception that once authenticated, a user can claim to be any valid email address on my network.
I currently require SASL Authentication for all senders and the system is referencing the User Name and Password stored within Open Directory. I now have a desire to restrict senders to their email addresses listed within Open Directory. I want to make sure that the email address listed in OD is the only sending address a user can use based upon their SASL credentials.

I tried to reference LDAP using "smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf", but I found that Apple did not include LDAP as a dictionary type. Here are the types that are supported in my build.

    postconf -m
    btree
    cidr
    environ
    hash
    pcre
    proxy
    regexp
    static
    unix

I guess I don't understand how SASL is checking OD for User Name and Password but can't check to verify the local sender's email address in OD. If it is not possible to access the OD data, can someone please explain, in very easy to understand terms and with examples, how to implement this feature in the "main.cf" file using a hash file listing every User Name and Email address?

So far, I have tried these items with no success:

    smtp_sender_dependent_authentication = yes
    smtpd_sender_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender, reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch, reject
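An added example, not part of the original post: a hash-based sender/login map and the posted restriction list reordered so that the mismatch check runs before authenticated clients are permitted. The map path /etc/postfix/sender_login_maps and the example.com entries are assumptions made for illustration.

```conf
# --- /etc/postfix/sender_login_maps (assumed path; constructed sample entries) ---
# Lookup key (left):  the envelope sender (MAIL FROM) address.
# Result (right):     the SASL login name(s) allowed to use that address,
#                     separated by commas or whitespace if more than one.
alice@example.com      alice
bob@example.com        bob
sales@example.com      alice, bob

# After every edit, rebuild the indexed table that Postfix actually reads:
#   postmap /etc/postfix/sender_login_maps

# --- /etc/postfix/main.cf ---
# "hash" is one of the dictionary types listed by "postconf -m" in the post.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

# As posted (kept here commented out): a restriction list is evaluated left to
# right and stops at the first entry that returns a decision. With
# permit_sasl_authenticated first, every authenticated client is accepted
# before any *_login_mismatch check is reached.
#smtpd_sender_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender,
#    reject_sender_login_mismatch, ..., reject

# Reordered: the mismatch check comes first. reject_sender_login_mismatch
# covers both cases (an authenticated client using an address it does not own,
# and an unauthenticated client using an address that has an owner), so the
# two narrower variants are not needed alongside it.
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    reject

# smtp_sender_dependent_authentication configures the Postfix SMTP *client*
# (credentials used when relaying outbound), so it has no effect on which
# sender addresses smtpd accepts from local users.
```

With this ordering an authenticated user whose MAIL FROM address is missing from the map is also rejected, so the map needs an entry for every address that should be allowed to send.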