Vytenis Sabaliauskas:
> Hello everybody,
> 
> I'm struggling to stop abusing SASL usernames. My idea is to allow any
> particular SASL username send only from his domain, that is "
> u...@example.com" can send from "anyth...@example.com", but not from "
> u...@otherexample.com".
> 
> I know it should be done with "reject_authenticated_sender_login_mismatch"
> and "smtpd_sender_login_maps", but what kind of PCRE rules should I write?
> Or PCRE is not a good option to achieve this?

The documentation describes exactly what queries Postfix will make
(see 1..3 below) and what the result of the queries must be (see
last paragraph).

The documentation describes DB, DBM, NIS, LDAP or SQL queries. By
using PCRE you just add unnecessary complexity.

        Wietse

smtpd_sender_login_maps (default: empty)
       Optional  lookup  table with the SASL login names that own sender (MAIL
       FROM) addresses.

       Specify zero or more "type:name" lookup tables, separated by whitespace
       or comma. Tables will be searched in the specified order until a match
       is found.  With lookups from indexed files such as DB or DBM,  or  from
       networked  tables such as NIS, LDAP or SQL, the following search
       operations are done with a sender address of user@domain:

       1) user@domain
              This table lookup is always done and has the highest precedence.

       2) user
              This  table  lookup  is  done  only  when the domain part of the
              sender address matches $myorigin,  $mydestination,
              $inet_interfaces or $proxy_interfaces.

       3) @domain
              This table lookup is done last and has the lowest precedence.

       In all cases the result of table lookup must be either "not found" or a
       list of SASL login names separated by comma and/or whitespace.
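
The lookup order quoted above, modeled in Python as an added example (not part of the original message and not Postfix code). The table contents, the login names and the LOCAL_DOMAINS value are constructed, and treating "not found" as a mismatch for an authenticated client is an assumption of the sketch.

```python
import re

# Constructed sample table, in the "key  value" source format of an indexed
# Postfix map (what postmap(1) would compile). All names are made up.
SENDER_LOGIN_TABLE = """
# a specific address: highest precedence, overrides the @domain entry
ceo@example.com     alice@example.com
# bare local part: consulted only for domains Postfix treats as its own
root                admin@example.com
# whole domain: lowest precedence
@example.com        alice@example.com, bob@example.com
@otherexample.com   carol@otherexample.com
"""

# Stand-in for $myorigin, $mydestination, etc. (assumed value).
LOCAL_DOMAINS = {"mail.example.com"}

def parse_table(text):
    """Parse 'key value' lines; the value is a list of SASL login names
    separated by comma and/or whitespace."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = [n for n in re.split(r"[,\s]+", value) if n]
    return table

def owners_of(sender, table, local_domains=LOCAL_DOMAINS):
    """Return the login names owning `sender`, or None for "not found"."""
    user, _, domain = sender.lower().rpartition("@")
    keys = [f"{user}@{domain}"]              # 1) user@domain
    if domain in local_domains:
        keys.append(user)                    # 2) user, local domains only
    keys.append(f"@{domain}")                # 3) @domain
    for key in keys:
        if key in table:
            return table[key]
    return None

def sender_allowed(sasl_login, sender, table):
    """Model of the mismatch check for an authenticated client; treating
    "not found" as a mismatch is this sketch's assumption."""
    owners = owners_of(sender, table)
    return owners is not None and sasl_login in owners

TABLE = parse_table(SENDER_LOGIN_TABLE)
```

The @domain entries have to list every login name allowed to use that domain, which is why the per-domain rule is easier to maintain as an SQL or LDAP query than as a static file.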
