Please don't top-post your replies here. It makes the conversation 
much harder to follow.

On Thu, May 31, 2012 at 10:35:25AM -0400, JLP wrote:
> On 5/30/2012 7:24 PM, /dev/rob0 wrote:
> >On Wed, May 30, 2012 at 05:05:16PM -0400, JLP wrote:
> >>Originally, I was trying to make "smtpd_sender_restrictions"
> >>work, but Noel Jones (thanks again!) clued me in to the
> >>config-option "authorized_submit_users" when using the sendmail
> >>(or derivative) binaries.  I tried unsuccessfully making some
> >>form of unix:group.byname work like these options:
> >>     authorized_submit_users=!unix:group.byname, static:all
> >>     authorized_submit_users=!unix:group.byname=badUnixGroup, static:all
> >>
> >>Short of creating a cronjob-script to regularly re/create a HASH
> >>file of disallowed users in the Unix group, is there something
> >>obvious I am missing?
> >You missed the postconf(5) manual, specifically the description of
> >authorized_submit_users. Negation can apply to a /file/name but not
> >to a type:table lookup.
> >
> >http://www.postfix.org/postconf.5.html#authorized_submit_users

> I did review the
> http://www.postfix.org/postconf.5.html#authorized_submit_users  page
> and it mentions that patterns can be negated, here are the relevant
> strings of the docs I thought applicable to this case.
> 
>     Specify a list of user names, "/file/name" or "type:table" patterns ...
>     Specify "!pattern" to exclude a user name from the list.
>     The form "!/file/name" is supported only in Postfix version 2.4
> and later.
> 
> If patterns aren't supported, thank you for setting me straight, I
> was just hoping to avoid building a script to regularly re/create the
> nosend file.  Should I submit a bug report for a documentation change
> to make this point more clearly?

Actually I think your interpretation of the negation was correct, 
mine was wrong.

Where you were in error was the fact that the search performed was 
for the username, not for the group name. unix:group.byname will 
return a value if the group name is found.

There is no "authorized_submit_groups" feature. That would have done 
what you wanted to do.

> As for the "authorized_submit_users=!unix:group.byname=badUnixGroup"
> syntax, I found an OLD example in a mailing list, not the
> manpage-docs, I was trying to show what I was attempting.

Right. My point being that the person who posted that was guessing. 
There is no shortage of false and misleading "information" on the 
web; not so, in the documentation. We do have our occasional 
misunderstandings, as you did confusing a username search for a 
groupname search, and as I did with the "!pattern" negation, but 
careful rereading usually clears things up.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
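
The cron-job approach discussed in this thread, sketched as an added example that is not part of the original message or of Postfix: it rebuilds a plain file of user names from a Unix group for use with the "!/file/name" form quoted above. The path /etc/postfix/nosend, the main.cf line `authorized_submit_users = !/etc/postfix/nosend, static:all` and the function names are assumptions for illustration.

```python
import grp
import os
import pwd
import re
import tempfile

# Conservative user-name shape. Anything else could be read as a list
# pattern ("!name", "/file/name", "type:table") and is skipped.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

def blocked_users(group_name, groups=None, passwds=None):
    """Return the sorted user names that belong to group_name.

    Covers supplementary members (gr_mem) and users whose primary
    group (pw_gid) is the group, which gr_mem does not list.
    """
    groups = grp.getgrall() if groups is None else groups
    passwds = pwd.getpwall() if passwds is None else passwds
    names = set()
    for g in groups:
        if g.gr_name == group_name:
            names.update(g.gr_mem)
            names.update(p.pw_name for p in passwds if p.pw_gid == g.gr_gid)
    return sorted(n for n in names if SAFE_NAME.fullmatch(n))

def write_list(path, names):
    """Atomically replace path with one user name per line."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".nosend.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.writelines(n + "\n" for n in names)
        os.chmod(tmp, 0o644)      # readable by the submitting commands
        os.replace(tmp, path)     # readers never see a half-written file
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    # Assumed path; the group name is the one used in the thread.
    write_list("/etc/postfix/nosend", blocked_users("badUnixGroup"))
```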
