
smtpd_sender_login_maps problem


Timo Veith

Jan 21, 2011, 8:30:22 AM
Hello postfix-users,

I want to tie my users to their email addresses using the smtpd_sender_login_maps and the reject_sender_login_mismatch parameter. I have activated the settings in main.cf and it is working as far as I can tell from the mail.log. I am watching the reject_warnings. 

The following problem arose: use...@example-a.com sends a message out to use...@example-b.com. The second domain example-b.com is on a completely different mail server. From there user2 redirects this message (via .forward or whatever) back to his account us...@example-a.com on the first server.

Now, postfix sees this and logs "Sender address rejected: not logged in;"

Do I have an error in reasoning or what am I doing wrong?

Here are my smtpd_restrictions:

smtpd_recipient_restrictions =
   reject_non_fqdn_recipient
   reject_non_fqdn_sender
   reject_unknown_recipient_domain
   warn_if_reject reject_sender_login_mismatch
   permit_mynetworks
   reject_unlisted_sender
   permit_sasl_authenticated
   reject_unknown_sender_domain
   reject_unauth_destination
   reject_non_fqdn_helo_hostname
   reject_invalid_helo_hostname
   check_client_access hash:/etc/postfix/exceptions_from_reject_unknown_client_hostname
   reject_unknown_client_hostname
   check_recipient_access hash:/etc/postfix/roleaccount_exceptions
   check_recipient_access ldap:/etc/postfix/ldap/groups_only_sasl_authenticated
   check_helo_access pcre:/etc/postfix/helo_checks
   check_sender_mx_access cidr:/etc/postfix/bogus_mx
   reject_rbl_client zen.spamhaus.org
   reject_rhsbl_sender dsn.rfc-ignorant.org
   check_policy_service inet:127.0.0.1:10030
   permit

regards,
Timo

Victor Duchovni

Jan 21, 2011, 3:52:50 PM
On Fri, Jan 21, 2011 at 02:30:22PM +0100, Timo Veith wrote:

> I want to tie my users to their email addresses using the
> smtpd_sender_login_maps and the reject_sender_login_mismatch parameter. I
> have activated the settings in main.cf and it is working as far as I can
> tell from the mail.log. I am watching the reject_warnings.

This is best with a port 587 MSA, but may not be appropriate with a port 25
MTA, especially if some users forward their mail to your server.

Perhaps you should reject sender_login mismatch only for authenticated
transactions.

--
Viktor.
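
Added example, not part of the original thread and not Postfix code: a simplified Python model of the ownership test behind reject_sender_login_mismatch and its two Postfix variants, reject_authenticated_sender_login_mismatch and reject_unauthenticated_sender_login_mismatch, run over constructed sessions that include the forwarded message described above. The map contents, login names and session list are assumptions made for illustration.

```python
# Simplified model of Postfix's sender/login ownership checks (not Postfix code;
# address resolution and case-insensitive matching are left out).
# Constructed stand-in for smtpd_sender_login_maps: MAIL FROM -> owning SASL logins.
SENDER_LOGIN_MAPS = {
    "user1@example-a.com": {"user1"},
    "user2@example-a.com": {"user2"},
}

def unauthenticated_mismatch(sender, sasl_login):
    """The address has an owner in the map, but the client did not log in."""
    if sasl_login is None and sender in SENDER_LOGIN_MAPS:
        return "Sender address rejected: not logged in"
    return None

def authenticated_mismatch(sender, sasl_login):
    """The client logged in, but the login does not own the MAIL FROM address."""
    if sasl_login is not None and sasl_login not in SENDER_LOGIN_MAPS.get(sender, set()):
        return f"Sender address rejected: not owned by user {sasl_login}"
    return None

RESTRICTIONS = {
    # The combined restriction applies both halves.
    "reject_sender_login_mismatch":
        lambda s, l: unauthenticated_mismatch(s, l) or authenticated_mismatch(s, l),
    "reject_authenticated_sender_login_mismatch": authenticated_mismatch,
    "reject_unauthenticated_sender_login_mismatch": unauthenticated_mismatch,
}

def evaluate(restriction, sender, sasl_login=None):
    """Return the reject text, or None when the restriction raises no objection."""
    return RESTRICTIONS[restriction](sender, sasl_login)

# Constructed sessions: (description, MAIL FROM, SASL login or None)
SESSIONS = [
    ("forward relayed back by example-b.com", "user1@example-a.com", None),
    ("user1 submitting as user1",             "user1@example-a.com", "user1"),
    ("user1 submitting as user2",             "user2@example-a.com", "user1"),
    ("unauthenticated client, local sender",  "user2@example-a.com", None),
]

if __name__ == "__main__":
    for name in RESTRICTIONS:
        print(name)
        for desc, sender, login in SESSIONS:
            print(f"  {desc:40} -> {evaluate(name, sender, login) or 'no objection'}")
```

In this model the authenticated-only variant raises no objection to the forwarded message, and for the same reason it raises none when any other unauthenticated client uses a local sender address. On the port 25 service that case is then left to the remaining restrictions.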

Timo Veith

Jan 21, 2011, 4:37:09 PM
2011/1/21 Victor Duchovni <Victor....@morganstanley.com>:

Hello Victor,

thank you for your reply. I will try what you have suggested.

Kind regards,
Timo
