Am 16.06.2014 09:45, schrieb Alessandro Vesely: > I tag it OT, as the comment is on the policy itself. > > On Sun 15/Jun/2014 22:11:29 +0200 li...@rhsoft.net wrote: >> Am 15.06.2014 22:01, schrieb Eliezer Croitoru: >>> I Have been reading: >>> http://www.postfix.org/ADDRESS_VERIFICATION_README.html >>> http://www.postfix.org/SMTPD_ACCESS_README.html >>> http://www.postfix.org/RESTRICTION_CLASS_README.html >>> >>> And I am still unsure on how to go one step forward.. >>> I want to allow my local SMTP authenticated users to be able to send only >>> with a From of the local domains of the >>> local service. >>> For example I have about 10-20 domains that the server is serving and I >>> want to allow to send from domains: >>> example.com OK >>> hotmail.com REJECT >>> example2.com OK >>> etc... >> >> what you describe is *the minimum* requirement of a sane MTA >> you must not allow senders you would not accept incoming messages >> and no - there are no exceptions for whatever user >> >> http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender > > An exception to this rule is the ability to use mail services provided > by external domains, for example Trashmail.net. I tried to persuade > Stephan to turn his service into a distributed method for using > disposable addresses, but he declined: > https://ssl.trashmail.net/forum/viewtopic.php?f=2&t=5421&start=24 > > Some sites allow using foreign addresses, for example Gmail. They > verify the address, and then provide for using a foreign domain's key > for DKIM signing, or relaying via the foreign domain's MSA service
the point is "relaying via the foreign domain's MSA service" thats why "sender_dependent_relayhost_maps" exists in postfix we do the same and feed "sender_dependent_relayhost_maps" as well as "local_recipient_maps" and "smtpd_sender_login_maps" from databases which achieves the desired result anyways "reject_authenticated_sender_login_mismatch" is the solution for the thread starters problem, just list there the senders you allow for login X,Y,Z and reject anything which is not listed
