verify mail from after authentication


LEVEAU Stanislas

Hi,

I would like to verify the mail from address after authentication.


I set up LDAP authentication for my users and it works very well. It's OK.

smtp     inet  n       -       n       -       -       smtpd
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_sasl_local_domain=ac-caen.fr
        -o smtpd_sasl_application_name=smtpd
        -o broken_sasl_auth_clients=yes
        -o smtpd_sasl_security_options=noanonymous
        -o smtpd_sasl_authenticated_header=no
        -o smtpd_helo_required=yes
        -o smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject



Secondly, I allow the accounts to send messages only from the addresses of their own account. I added this configuration and it works very well, but currently it is too restrictive for my users, so I am looking for a less restrictive solution.

        -o smtpd_sender_login_maps=ldap:/etc/postfix/ldap-loginsasl.cf
        -o smtpd_sender_restrictions=reject_sender_login_mismatch


File /etc/postfix/ldap-loginsasl.cf

server_host = ldap.domain.fr
server_port = 389
bind = no
search_base = ou=domain,c=fr
query_filter = (&(objectclass=inetMailUser)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s)))
result_attribute = uid, mail, mailAlternateAddress, mailEquivalentAddress
domain = domain1.fr, domain2.fr
version = 3



My less restrictive solution is that only the addresses (MAIL FROM) of my domains (LDAP verification) can send mail, even if they are not attached to the authenticated account, and the addresses of another domain are rejected.


I did that but it does not work. I think it's not a good solution. I added check_sender_access:

        -o smtpd_recipient_restrictions=check_sender_access ldap:/etc/postfix/sender-list.cf,permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject


File /etc/postfix/sender-list.cf :

server_host = ldap.domain.fr
server_port = 389
bind = no
search_base = ou=domain,c=fr
query_filter = (&(objectclass=inetMailUser)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s)))
result_attribute = uid, mail, mailAlternateAddress, mailEquivalentAddress
domain = domain1.fr, domain2.fr
version = 3


Do you have an idea?

Regards
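
The two sender policies described in the post, modelled side by side as an added example that is not part of the original message. The directory entries, user names and function names are constructed for illustration; only the attribute names and the domain list come from the posted LDAP map.

```python
from typing import Optional

# Constructed sample entries standing in for inetMailUser objects (not real data).
DIRECTORY = [
    {"uid": "alice", "mail": "alice@domain1.fr",
     "mailAlternateAddress": ["a.martin@domain2.fr"], "mailEquivalentAddress": []},
    {"uid": "bob", "mail": "bob@domain1.fr",
     "mailAlternateAddress": [], "mailEquivalentAddress": ["robert@domain1.fr"]},
]
DOMAINS = {"domain1.fr", "domain2.fr"}  # mirrors the "domain =" line of the map


def lookup_owners(sender: str) -> set:
    """Model of the LDAP map lookup: uids whose entry lists `sender`."""
    sender = sender.lower()
    if sender.rpartition("@")[2] not in DOMAINS:
        return set()  # addresses outside "domain =" are never looked up
    owners = set()
    for entry in DIRECTORY:
        addrs = [entry["mail"], *entry["mailAlternateAddress"],
                 *entry["mailEquivalentAddress"]]
        if sender in (a.lower() for a in addrs):
            owners.add(entry["uid"])
    return owners


def strict_policy(login: Optional[str], sender: str) -> bool:
    """reject_sender_login_mismatch: True if the sender check lets MAIL FROM pass."""
    owners = lookup_owners(sender)
    if login is None:
        return not owners  # unauthenticated: rejected only if the address is owned
    return login in owners  # authenticated: must own the address


def relaxed_policy(login: Optional[str], sender: str) -> bool:
    """Policy asked for in the post: authenticated, and sender exists in the directory."""
    return login is not None and bool(lookup_owners(sender))


def compare(login: Optional[str], senders: list) -> list:
    """(sender, strict result, relaxed result) for each MAIL FROM address."""
    return [(s, strict_policy(login, s), relaxed_policy(login, s)) for s in senders]


if __name__ == "__main__":
    for row in compare("alice", ["alice@domain1.fr", "a.martin@domain2.fr",
                                 "robert@domain1.fr", "someone@example.org"]):
        print(row)
```

Under the relaxed policy `robert@domain1.fr` is accepted for the login `alice`, so any authenticated account can send as any address in the directory; the SASL login recorded by smtpd is then the only link between a message and the account that submitted it.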