Postfix: reject_sender_login_mismatch (smtpd_sender_login_maps needed)

Postfix: reject_sender_login_mismatch (smtpd_sender_login_maps needed) - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: System Setup & Installation (/forum-32.html)
+--- Thread: Postfix: reject_sender_login_mismatch (smtpd_sender_login_maps needed) (/thread-12738.html)

Postfix: reject_sender_login_mismatch (smtpd_sender_login_maps needed) - gulbrillo - 01-22-2011 05:16 AM

Dear community Smile

I installed ISPCP some days ago and it perfectly integrated in my server environment. I was fighing with some sasl authdb stuff but that's working finally. Last thing in Postfix for sending mail are smtpd_sender_login_maps.

I would like to restrict mail from addresses to one specific account. For that I need a file (smtpd_sender_login_maps) that would look like this:
email1@domain1.tdl sasluser1
email2@domain1.tdl sasluser2
email1@domain2.tdl sasluser3
...

or in ISPCP style users basically
email1@domain1.tdl email1@domain1.tdl
email2@domain1.tdl email2@domain1.tdl
email1@domain2.tdl email1@domain2.tdl
...

Well, there is the sender-access file in /etc/postfix/ispcp, which looks like
email1@domain1.tdl OK
email2@domain1.tdl OK
email1@domain2.tdl OK

But with that I could not link a user as owner of one specific address.

Sooo... It must be really easy to change the sender-access file generation

from
email1@domain1.tdl OK
to
email1@domain1.tdl email1@domain1.tdl

but... how? where? ...help? Smile

Thanks a lot!!

Found it... Smile

I was greping my entire HDD for "OK" Big Grin

here you go:

in
/var/www/ispcp/engine/ispcp-mbox-mngr
search for OK (it's in there two times) and change

'OK'

to

"$mail_acc\@$dmn_name"

the '' and "" are improtant.

In /etx/postfix/main.cf add one line:

smtpd_sender_login_maps=hash:/etc/postfix/ispcp/sender-access

and put reject_authenticated_sender_login_mismatch in smtpd_sender_restrictions.

smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
reject_authenticated_sender_login_mismatch,
permit_sasl_authenticated

The result: if user "mail@domain.tdl" logs in to your mailserver, he can only send mail with "from: mail@domain.tdl" - so he/she cannot fake his/her from-address. Cool

RE: Postfix: reject_sender_login_mismatch (smtpd_sender_login_maps needed) - joximu - 01-22-2011 06:51 AM

This might be interesting...!
Thanx