reject_authenticated_sender_login_mismatch

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

reject_authenticated_sender_login_mismatch

Michael-516
As follows

smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        check_recipient_access hash:/etc/postfix/access,
        permit_mynetworks,
    reject_authenticated_sender_login_mismatch
mysql:/etc/postfix/mysql-sender-access.cf    
        reject_unauth_destination

mysql-sender-access.cf

hosts = localhost
user = USER
password = PASS
dbname = system

query = SELECT username FROM mailboxes WHERE email='%s' AND active='1'

The error returned is:

RECEIVER ADDRESS (The server responded: "5.7.1 <SENDER ADDRESS>: Sender
address rejected: not owned by user SASL USER")

What;s going on? Running the query directly against the SQL database returns
the desired result.
Reply | Threaded
Open this post in threaded view
|

Re: reject_authenticated_sender_login_mismatch

Barney Desmond
2010/1/11 Michael <[hidden email]>:

> As follows
>
> smtpd_recipient_restrictions =
> ...
>        check_recipient_access hash:/etc/postfix/access,
>        permit_mynetworks,
>    reject_authenticated_sender_login_mismatch
> mysql:/etc/postfix/mysql-sender-access.cf
>        reject_unauth_destination
> ...
> RECEIVER ADDRESS (The server responded: "5.7.1 <SENDER ADDRESS>: Sender
> address rejected: not owned by user SASL USER")
>
> What;s going on? Running the query directly against the SQL database returns
> the desired result.

I've not used this function before myself, but my reading of the docs
indicates you might've misinterpreted the correct usage.

I hopped through these three in order:
http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps

You haven't posted the output of `postconf -n`, so I don't know if
your settings are correct, but I suspect you're needing something
like:

smtpd_recipient_restrictions =
       reject_invalid_hostname,
       reject_non_fqdn_sender,
       reject_non_fqdn_recipient,
       reject_unknown_sender_domain,
       reject_unknown_recipient_domain,
       reject_unauth_pipelining,
       check_recipient_access hash:/etc/postfix/access,
       permit_mynetworks,
       reject_authenticated_sender_login_mismatch,
       reject_unauth_destination

smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-access.cf

reject_authenticated_sender_login_mismatch doesn't take a type:table
mapping, it just makes use of one defined elsewhere.
Reply | Threaded
Open this post in threaded view
|

Re: reject_authenticated_sender_login_mismatch

mouss-4
In reply to this post by Michael-516
Michael a écrit :
> As follows
>
> smtpd_recipient_restrictions =
>         reject_invalid_hostname,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         reject_unknown_sender_domain,
>         reject_unknown_recipient_domain,
>         reject_unauth_pipelining,

useless. RCPT TO is an "asynchronous" command, so there is no
"unauth_pipelining" at this stage. read the pipelining RFC for more.

>         check_recipient_access hash:/etc/postfix/access,

Avoid check_foo_access before reject_unauth_destination. an error will
make you an open relay. what are you tryng to do with that?

>         permit_mynetworks,
>     reject_authenticated_sender_login_mismatch
> mysql:/etc/postfix/mysql-sender-access.cf    

As Barney pointed out, errax syntor (syntax error).

you want something like:

smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-access.cf
smtpd_sender_restrictions =
        reject_authenticated_sender_login_mismatch

(there's no point polluting smtpd_recipient_restrictions with this).


PS. next time, show output of 'postconf -n' instead of personally
selected main.cf snippets.

> [snip]