On Thu, Aug 14, 2014 at 02:45:33PM -0700, Quanah Gibson-Mount wrote: > >235 2.7.0 Authentication successful > >mail from:testus...@zre-ldap003.eng.zimbra.com > >250 2.1.0 Ok > >rcpt to:testus...@zre-ldap002.eng.zimbra.com > >553 5.7.1 <testus...@zre-ldap003.eng.zimbra.com>: Sender address > >rejected: not owned by user testus...@zre-ldap003.eng.zimbra.com > > > >So I'll need to debug that next. :) > > Ok, this is because I have (among other things) > > smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch > > but nothing set for: > smtpd_sender_login_maps > > It does seem odd to me, that with it set to reject mismatched logins, it > rejects a matching login when no maps are defined.
Your notion of "matching" is too naive. Mere coincidence of email address and SASL login name is not a "match". A match is a lookup result from a table that returns the SASL login as one of the owner logins. If you like, you could try: main.cf: smtpd_sender_login_maps = pcre:${config_directory}/identity.pcre identity.pcre: # Sender addres as SASL user is automatically an owner /^(.+)$/ ${1} -- Viktor.