>We would like only *specific* usernames to be able to use the
>authenticated relay. And currently everybody with dovecot imap access
>can also use the relay. Is there a way to restrict that?
>A simple list of usernames would work, or more advanced: dynamically
>using an ldap lookup to check group membership.
I believe you could use ldap tables here.
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
> Hi all,
> Is there a way to limit/restrict the usernames that are allowed to use
> our postfix dovecot-sasl authenticated smtp relay?
In smtpd_client_restrictions, use check_sasl_access:
Use the remote SMTP client SASL user name as lookup key for the
specified access(5) database. The lookup key has the form "user-
name@domainname" when the smtpd_sasl_local_domain parameter
value is non-empty. Unlike the check_client_access feature,
check_sasl_access does not perform matches of parent domains or
IP subnet ranges. This feature is available with Postfix ver-
sion 2.11 and later.