Current time: 12-23-2024, 08:22 AM Hello There, Guest! (LoginRegister)


Post Reply 
Postfix: reject_sender_login_mismatch (smtpd_sender_login_maps needed)
Author Message
gulbrillo Offline


Posts: 2
Joined: Jan 2011
Reputation: 0
Post: #1
Postfix: reject_sender_login_mismatch (smtpd_sender_login_maps needed)
Dear community Smile

I installed ISPCP some days ago and it perfectly integrated in my server environment. I was fighing with some sasl authdb stuff but that's working finally. Last thing in Postfix for sending mail are smtpd_sender_login_maps.

I would like to restrict mail from addresses to one specific account. For that I need a file (smtpd_sender_login_maps) that would look like this:
email1@domain1.tdl sasluser1
email2@domain1.tdl sasluser2
email1@domain2.tdl sasluser3
...

or in ISPCP style users basically
email1@domain1.tdl email1@domain1.tdl
email2@domain1.tdl email2@domain1.tdl
email1@domain2.tdl email1@domain2.tdl
...

Well, there is the sender-access file in /etc/postfix/ispcp, which looks like
email1@domain1.tdl OK
email2@domain1.tdl OK
email1@domain2.tdl OK

But with that I could not link a user as owner of one specific address.

Sooo... It must be really easy to change the sender-access file generation

from
email1@domain1.tdl OK
to
email1@domain1.tdl email1@domain1.tdl

but... how? where? ...help? Smile

Thanks a lot!!
Found it... Smile I was greping my entire HDD for "OK" Big Grin

here you go:

in
/var/www/ispcp/engine/ispcp-mbox-mngr
search for OK (it's in there two times) and change

'OK'

to

"$mail_acc\@$dmn_name"

the '' and "" are improtant.

In /etx/postfix/main.cf add one line:

smtpd_sender_login_maps=hash:/etc/postfix/ispcp/sender-access

and put reject_authenticated_sender_login_mismatch in smtpd_sender_restrictions.

smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
reject_authenticated_sender_login_mismatch,
permit_sasl_authenticated

The result: if user "mail@domain.tdl" logs in to your mailserver, he can only send mail with "from: mail@domain.tdl" - so he/she cannot fake his/her from-address. Cool
(This post was last modified: 01-22-2011 06:10 AM by gulbrillo.)
01-22-2011 05:16 AM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #2
RE: Postfix: reject_sender_login_mismatch (smtpd_sender_login_maps needed)
This might be interesting...!
Thanx
01-22-2011 06:51 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)