Fix login map. Now includes both emails and aliases

This commit is contained in:
Morteza Milani 2015-06-20 03:27:18 -07:00
parent cf904a05cc
commit fc03ce9b2f
2 changed files with 18 additions and 2 deletions

View file

@ -153,7 +153,7 @@ tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
# #
# * `reject_non_fqdn_sender`: Reject not-nice-looking return paths. # * `reject_non_fqdn_sender`: Reject not-nice-looking return paths.
# * `reject_unknown_sender_domain`: Reject return paths with invalid domains. # * `reject_unknown_sender_domain`: Reject return paths with invalid domains.
# * `reject_sender_login_mismatch`: Reject if mail FROM address does not match the client SASL login # * `reject_authenticated_sender_login_mismatch`: Reject if mail FROM address does not match the client SASL login
# * `reject_rhsbl_sender`: Reject return paths that use blacklisted domains. # * `reject_rhsbl_sender`: Reject return paths that use blacklisted domains.
# * `permit_sasl_authenticated`: Authenticated users (i.e. on port 587) can skip further checks. # * `permit_sasl_authenticated`: Authenticated users (i.e. on port 587) can skip further checks.
# * `permit_mynetworks`: Mail that originates locally can skip further checks. # * `permit_mynetworks`: Mail that originates locally can skip further checks.
@ -167,7 +167,7 @@ tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
# whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC # whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC
# "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
tools/editconf.py /etc/postfix/main.cf \ tools/editconf.py /etc/postfix/main.cf \
smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \ smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient,"check_policy_service inet:127.0.0.1:10023" smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient,"check_policy_service inet:127.0.0.1:10023"
# Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that

View file

@ -69,6 +69,22 @@ tools/editconf.py /etc/postfix/main.cf \
smtpd_sasl_path=private/auth \ smtpd_sasl_path=private/auth \
smtpd_sasl_auth_enable=yes smtpd_sasl_auth_enable=yes
# ### Sender Validation
# Use a Sqlite3 database to set login maps. This is used with
# reject_authenticated_sender_login_mismatch to see if user is
# allowed to send mail using FROM field specified in the request.
tools/editconf.py /etc/postfix/main.cf \
smtpd_sender_login_maps=sqlite:/etc/postfix/sender-login-maps.cf
# SQL statement to set login map which includes the case when user is
# sending email using a valid alias.
# This is the same as virtual-alias-maps.cf, See below
cat > /etc/postfix/sender-login-maps.cf << EOF;
dbpath=$db_path
query = SELECT destination from (SELECT destination, 0 as priority FROM aliases WHERE source='%s' UNION SELECT email as destination, 1 as priority FROM users WHERE email='%s') ORDER BY priority LIMIT 1;
EOF
# ### Destination Validation # ### Destination Validation
# Use a Sqlite3 database to check whether a destination email address exists, # Use a Sqlite3 database to check whether a destination email address exists,