Re: Postfix-Sender and recipient restriction problem
Thanks, Mihira, thanks very much. It works like below:
------------------------------
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access reject_unlisted_recipient check_relay_domains reject_anunth_destination reject_unverified_recipient reject_unknown_recipient_domain reject_unauth_destination
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_login_maps reject_unknown_sender_domain warn_if_reject reject_non_fqdn_sender reject_unauthenticated_sender_login_mismatch reject_unlisted_sender reject_unverified_sender reject_sender_login_mismatch
------------------------------
I configured the mail server for SMTP authentication and I added some parameters like below:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = abc.def
and smtpd.conf contains:
# *** sasldb ***
pwcheck_method: auxprop
mech_list:digest-md5 cram-md5
# *********************************
and I added a user to sasldb2 like below:
# saslpasswd2 -c -u abc.def -a smtpauth <username>
and wrote
# sasldblistusers2
<username>@abc.def: userPassword
and telnetted to the mail server
# telnet <mail server> 25
ehlo <mailserver>
250-server.abc.def
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5
250-AUTH=DIGEST-MD5 CRAM-MD5
250 8BITMIME
and changed sender_recipient_restriction like below:
smtpd_sender_restrictions = reject_sender_login_mismatch check_sender_access hash:/etc/postfix/sender_login_maps reject_unknown_sender_domain warn_if_reject reject_non_fqdn_sender reject_unauthenticated_sender_login_mismatch reject_unlisted_sender reject_unverified_sender
In short, I moved "reject_sender_login_mismatch" to the top of the list.
Then I created a mail account on the client with Thunderbird and Evolution. In Thunderbird I configured the SMTP server setting and I DIDN'T click the "security and authentication" checkbox.
I tried to send mail to another mail account.
The mail server gave me alert (1):
"Sender address reject:not logged in <mailadress@abc.def>...."
It's NORMALLY ok.
Then I clicked the "security and authentication" checkbox and wrote the username and password. I wrote the username without @abc.def because of smtpd_sasl_local_domain = abc.def!
I tried again to send mail.
Alert (2) is
"Sender address reject:not own by user <mailadress@abc.def> please verify mail address.....".
Open mail.log files and check it.
Sender address rejected: not owned by user mailaddress@abc.def; from=<mailaddress@abc.def> to=<mailaddress2@abc.def> proto=ESMTP helo=<[x.y.z.k]>
I am using courier-imap and each user's account username is <username>, NOT <username@abc.def>.
The problem is: the account username and the sasldb username are NOT the same.
courier-imap uses authmodulelist="authpam authcram". I can't use "@" in a Unix username, and sasldb wants @abc.def, so the courier username and the sasldb username can never be the same.
I think I have to use authmodulelist="authuserdb", so what do you think about this?
If you have a different idea, or a solution without using authmodulelist="authuserdb", please share it with me.
Thanks all.
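As an added illustration (not part of the original post, and not Postfix's own code), here is a simplified Python model of how reject_sender_login_mismatch compares the SASL login name with the owners listed in smtpd_sender_login_maps. The map entries, login names and function names are constructed assumptions, and only the full-address and @domain lookups are modelled.

```python
# Simplified model of the reject_sender_login_mismatch decision.
# Assumption: all map entries and login names below are constructed samples.

SAMPLE_MAP = """\
# MAIL FROM address     SASL login name(s) that own it
alice@abc.def           alice
bob@abc.def             bob@abc.def, bob
"""

def parse_login_map(text):
    """Parse map source text: 'address  owner1, owner2' on each line."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            # owners may be separated by commas and/or whitespace
            table[parts[0].lower()] = parts[1].replace(",", " ").lower().split()
    return table

def lookup_owners(table, sender):
    """Try the full address first, then the @domain key."""
    sender = sender.lower()
    domain_key = "@" + sender.rpartition("@")[2]
    return table.get(sender) or table.get(domain_key)

def check_sender_login(table, sender, sasl_login):
    """Verdict for MAIL FROM `sender`; sasl_login is None when no AUTH was done."""
    owners = lookup_owners(table, sender)
    if sasl_login is None:
        # Unauthenticated client: rejected only if the sender has an owner.
        return "REJECT not logged in" if owners else "DUNNO"
    if owners and sasl_login.lower() in owners:
        return "DUNNO"  # login owns the sender; next restriction is evaluated
    # Authenticated, but the login name is not among the owners (or none listed).
    return "REJECT not owned by user " + sasl_login

if __name__ == "__main__":
    table = parse_login_map(SAMPLE_MAP)
    for sender, login in [("alice@abc.def", None),
                          ("alice@abc.def", "alice"),
                          ("alice@abc.def", "alice@abc.def"),
                          ("bob@abc.def", "bob@abc.def")]:
        print(sender, login, "->", check_sender_login(table, sender, login))
```

On a live server, `postmap -q <address> hash:/etc/postfix/sender_login_maps` shows the owner list to compare against the `sasl_username=` value Postfix writes to mail.log.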