> On Feb 19, 2018, at 11:35 AM, Alex <mysqlstud...@gmail.com> wrote: > > In other words, if the sasl_username is alice, I'd like to restrict > the envelope sender and From address to only legitimate accounts > belonging to that sasl user.
If the account is compromised, you really should deny access until the password is changed. That said, you can use: main.cf: indexed = ${default_database_type}:${config_directory}/ smtpd_restriction_classes = enforce_login enforce_login = reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, reject smtpd_sender_restrictions = check_sasl_access ${indexed}sasl-access sasl-access: # The lookup key is the SASL login name, which may be "user@realm", # rather than just "user", specify accordingly. # alice enforce_login -- Viktor.