On 2013.10.28 21:54:00 +0100, Rudy Gevaert wrote:
> Quoting wie...@porcupine.org (Wietse Venema), Fri, 25 Oct 2013:
> >Adding check_sasl_sender_access support would not be difficult.
> >It just hasn't been done yet.
Not explicit, but ...
> Disabling the account is indeed a possibility, which we do now.
> However because of the current setup, we can't only disable smtp
> auth. Having an extra sender access map would have helped :)
Here is just another workaround. Simply reject a given MAIL FROM address with
'check_sender_access', but make sure SASL authenticated users can't
choose any arbitrary sender. Tie (SASL) login names to sender addresses
using 'smtpd_sender_login_maps' unless it's already part of your setup.
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
--
Best regards,
Manuel
