creating smtpd_sender_login_maps with mysql

Discussion in 'Server Operation' started by Tortanick, Jul 28, 2006.

  1. Tortanick

    Tortanick New Member

    after following http://www.howtoforge.com/virtual_postfix_mysql_quota_courier I have a working mailserver, however I'd like to make sure that users can only send mail from one of thier aliases. I don't perticually care if they can or can't send form the E-mail address in the users table.

    I tried this setup, but it hasn't worked: After I authenticate I get an error: <[email protected]>: Sender address rejected: not owned by user [email protected], this error appears in thunderbird and my mail.log

    The [email protected] is forwarded to [email protected] in the forwardings table, I tested with telnet.

    What I did:

    in main.cf change

    Code:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    
    to
    Code:
    smtpd_recipient_restrictions = permit_mynetworks, reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
    
    add the line
    Code:
    smtpd_sender_login_maps = mysql:/etc/postfix/mysql_login_maps.cf
    and smtpd_sender_login_maps.cf contains
    Code:
    user = mail_read
    password = mail_read_password
    dbname = mail
    table = forwardings
    select_field = source
    where_field = destination
    hosts = 127.0.0.1
    additional_conditions = and readonly = 0
    (I created readonly myself, its a enum with 0 & 1 as options, users shouldn't be able to send from aliases that have 1

    Postfix version 2.1.5
     
    Last edited: Jul 28, 2006
  2. Tortanick

    Tortanick New Member

    I got it working!

    Code:
    user = mail_read
    password = mail_read_password
    dbname = mail
    table = forwardings
    select_field = destination
    where_field = source
    hosts = 127.0.0.1
    additional_conditions = and readonly = '0'
    since this is more a guidet then a question:

    I licence this guide under Creative Commons, permission is given to everybody (epsecilly falko) to modify, use, and redistribute alone or part of a bigger guide.

    If I misunderstood the terms of Creative Commons anything following the word permission takes precidence
     
  3. falko

    falko Super Moderator ISPConfig Developer

    I'm not quite sure if you can license code snippets like this one... Because then someone else could come and say "I license all Apache directives, and everyone who uses them has to pay". I'm no lawyer though, but my common sense tells me so. But you know about the relation between law and common sense... :(
     
  4. Tortanick

    Tortanick New Member

    I don't know much about law either, but my instinct said I'd ended up with a mini guide rather than a code snippet (btw I was talking about both posts), your guides were under creative commons, and I wanted to give you permission to add the contents of those two posts to your guide so creative commons seemed like logical thing.

    Although now you mention it I should have known better than to apply logic to law.
     
    Last edited: Jul 29, 2006
  5. falko

    falko Super Moderator ISPConfig Developer

    It applies to the writing, i.e., my wording, screenshots, etc., and not so much to the code or the commands. :)
     
  6. tekknokrat

    tekknokrat New Member

    Sorry to exhume this one...
    I understand rules described here as a security mechanism for senders.
    But question is - can the map table also be used to prevent spoofing of sender addresses of incoming mails?
    So that it blocks remote mails containing sender addresses of accounts managed on that server.
     

Share This Page