On 2013-03-17 Per olof Ljungmark wrote:
> We've had a working configuration for a few years where we allow
> authenticated users to relay mail even if the sender address does not
> match a local user and the recipient is non-local.
>
> Now this is about to change.
>
> So, if the sender is *authenticated*:
>
> - from local-user@local-domain to nonlocal@: allowed
> - from nonlocal@ to local-user@local-domain: allowed obviously
> - from nonlocal@ to nonlocal@: disallowed
>
> Currently we have
>
> smtpd_sender_restrictions =
>     hash:/usr/local/etc/postfix/access,
>     permit_sasl_authenticated,
>     permit_mynetworks,
>     reject_unknown_sender_domain,
>     reject_unauth_destination
>
> All local users are in an LDAP table.
>
> Can we use for example "check_sender_access"
> and if the user is authenticated *and* the user's email or alias matches
> MAIL FROM in the LDAP lookup give it an OK?
>
> reject_sender_login_mismatch I guess is a possible candidate, but then
> the problem is MUAs where the user has several incoming accounts but
> just one outgoing server configured, and there are quite a few such.
>
> I'm still wading through the Postfix docs trying to get a grip on it, but
> if someone already did it I would be very grateful for a piece of
> information... have to admit it feels a bit tricky.
I'd recommend separating authenticated from unauthenticated submission.
Enable submission (port 587) with authentication required, and remove
permit_sasl_authenticated from the smtpd instance on port 25.

For the submission port you could enable reject_sender_login_mismatch to
restrict senders to their own sender address. If you want them to be able
to use arbitrary addresses for mail sent to local recipients, but disallow
non-local sender addresses for outbound mail, you'll probably have to use
a policy service.

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
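The policy service suggested above, as an added example that is not part of the thread or of Postfix itself: a minimal SMTPD policy daemon that lets an authenticated user send from any address to a local recipient but rejects a non-local sender address to a non-local recipient. The local-domain set, the listening port and the rejection text are assumptions; matching the sender to the user's own LDAP addresses is left to reject_sender_login_mismatch, as the reply proposes.

```python
"""Postfix SMTPD policy service for the relay rule discussed in the thread.
Hook it into the submission instance (where sasl_username is set), in
smtpd_recipient_restrictions so the recipient attribute is available:
    check_policy_service inet:127.0.0.1:10040
Constructed example; LOCAL_DOMAINS and the port are assumptions."""
import socketserver

LOCAL_DOMAINS = {"example.com"}  # assumption: stand-in for the site's local domains
REJECT_TEXT = "REJECT Non-local sender address not allowed for relaying"

def domain_of(addr):
    """Return the lowercased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_local(addr):
    return domain_of(addr) in LOCAL_DOMAINS

def parse_request(text):
    """Parse the 'name=value' lines of one policy request into a dict."""
    attrs = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            attrs[key] = value
    return attrs

def decide(attrs):
    """Policy decision for one request; DUNNO defers to later restrictions."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if not attrs.get("sasl_username"):
        return "DUNNO"  # unauthenticated: reject_unauth_destination etc. handle it
    if is_local(attrs.get("recipient", "")):
        return "DUNNO"  # any sender address may write to a local recipient
    if is_local(attrs.get("sender", "")):
        return "DUNNO"  # local sender to non-local recipient: ordinary relaying
    return REJECT_TEXT  # non-local sender to non-local recipient

class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        while True:  # Postfix may send several requests per connection
            lines = []
            while True:
                raw = self.rfile.readline()
                if not raw:
                    return  # client closed the connection
                line = raw.decode("utf-8", "replace").rstrip("\r\n")
                if line == "":
                    break  # blank line terminates the request
                lines.append(line)
            self.wfile.write(f"action={decide(parse_request(chr(10).join(lines)))}\n\n".encode())
            self.wfile.flush()

if __name__ == "__main__":
    with socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler) as srv:
        srv.serve_forever()
```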