- Previous message: Wietse Venema: "Re: [Postfix Users] Re: x-original-to headers for email router *bump*"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Neil Williams (no email)
Date: Sun Sep 02 2007 - 10:01:15 EDT
The approach suggested by Noel works a treat.
Many thanks
Neil
Noel Jones wrote:
> At 01:38 PM 8/30/2007, Neil Williams wrote:
>> Dear postfix-users
>>
>> My Postfix server allows relaying by authenticated remote SMTP
>> clients, because main.cf has:
>>
>> smtpd_recipient_restrictions=permit_mynetworks,
>> permit_sasl_authenticated, reject_unauth_destination
>> smtpd_sasl_auth_enable=yes
>> smtpd_sasl_security_options=noanonymous
>>
>> This way all of the users (virtual mailbox owners) can set their MUA
>> to use my system as their outgoing server (if they supply a username
>> and password).
>>
>> What should I do if I would like to restrict this relaying access to
>> only a few users on the system?
>
> The simple way would be to replace "permit_sasl_authenticated" with a
> check_sender_access map.
> # main.cf
> smtpd_recipient_restrictions =
> permit_mynetworks
> check_sender_access hash:/etc/postfix/allowed_sasl_senders
> reject_unauth_destination
>
> # allowed_sasl_senders
> permit_sasl_authenticated
> permit_sasl_authenticated
>
> You may want to also restrict which authenticated users can use which
> login ID by using smtpd_sender_login_maps and
> reject_sender_login_mismatch. This would prevent
> from sending mail claiming to be from . This may or
> may not be needed in your environment.
>
-- Neil Williams BEng, PhD LimaKilo Information Systems 15 Dunfermline Business Centre Izatt Avenue DUNFERMLINE Fife KY11 3BZ 07976 852 467 www.limakilo.com
|
|
|