Postfix reject_authenticated_sender_login_mismatch exclude specific account

Hi,
I wanted to enabled "Reject sender and login mismatch", because I think its a sensible solution for most users.
But I want for specific accounts, which I control myself (like remote webservers...) that those can send from any address they want.
I see the "mysql:/etc/postfix/mysql-virtual_sender.cf" comes before the reject, so from what I known, getting the permission in there would solve my problem. But I did not succeed in finding the right spot for this, any configuration I do in Relay Recipients and Transports does not change anything. Anywhere in this forum it always says "mail_access" should be empty: https://www.howtoforge.com/community/threads/relay-access-denied-when-sending-from-mail-client.63329/#post-303082

Is this table only to disable mail access, or am I unable to find the right spot to do this? I hope this is not an already answered question but I searched already for a solution here and found nothing.

 

So you only want the sender/login check for the authentificated users, not for local users like webserver? Untested, but try playing with reject_authenticated_sender_login_mismatch
See corresponding man page: http://www.postfix.com/postconf.5.html

 

Local IPs in `$my_networks` are allowed to send whatever they want to, I only enforce this:

for my users.
But I want an authenticated account, which can send whatever it wants to do (like without `reject_authenticated_sender_login_mismatch`, e.g., for a remote webserver which authenticates to my mail relay and does not have to be in `$my_networks`.

 

This function is either on or off. I think, there is no easy solution for that. If you know all the addresses a user should sent mails from, you can define them as aliases (Make an alias in ispconfig, and make sure, "Send as (Allow target to send mail using this alias as origin)" is ticked). I don't know, if wildcard aliases can be done (maybe the database has to be edited by hand for that, look for the sendAs fiel)

Otherwise you have to edit "/etc/postfix/mysql-virtual_sender_login_maps.cf" to make an exception for a specific user. But I can't help you with that.

You can add this hostname/IP to $my_networks

Another thing you could try (untested) is to add "check_sasl_access hash:/etc/postfix/somefilename" as first part of "smtpd_sender_login_maps"
Than in that file allow the usernames:

Code:

username1 OK
username2 OK

[edit]
Found a (slightly different) solution here: https://listi.jpberlin.de/pipermail/postfixbuch-users/2017-January/064906.html
If you don't know German and google does a bad job translating, I could do that for you.

 

That's exactly what I was looking for!
Thank you very much. (Ja ich kann Deutsch, vielen lieben Dank für das Angebot.)