On 15/12/2011, at 5:28 PM, Noel Jones wrote:
>>
>> Thanks again... what if i just wanted postfix to check a mysql-based list of
>> approved sending email addresses and/or domains? e.g. NOT associate it with
>> a SASL login but has an approved sender list. e.g. all SASL login's would be
>> able to send "from" all of the domains/addresses on the list? (I'm thinking
>> of a specific situation where i would need this).
>>
>> Simon
>>
>
> That's easy enough to do with a check_sender_access map. Assuming
> an MSA (user submission only, no general incoming mail), something
> as simple as:
>
> smtpd_sender_restrictions =
> check_sender_access hash:/path/to/allowed_senders
> reject
>
> With allowed_senders table something like
> us...@example.com OK
> example.org OK
>
> Any sender not on the approved list gets rejected. Do this in
> smtpd_sender_restrictions to avoid possible open relay accidents
> that could occur if you do this test in smtpd_recipients_restrictions.
>
> These restrictions could also be put into master.cf as -o options on
> the submission or smtps services.
Thanks Noel, What if i needed todo this with SASL-authenticated "senders"...
This is my current setup:
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unknown_sender_domain,
permit
Can you assist me to get the order correct here? I would like
permit_sasl_authenticated as well as check_sender_access (from a mysql table)
if possible...
Many thanks!
Simon
