Postfix reject_authenticated_sender_login_mismatch exclude specific account

Discussion in 'Installation/Configuration' started by conrad784, Nov 2, 2019.

Tags:
  1. conrad784

    conrad784 New Member

    Hi,
    I wanted to enabled "Reject sender and login mismatch", because I think its a sensible solution for most users.
    But I want for specific accounts, which I control myself (like remote webservers...) that those can send from any address they want.
    I see the "mysql:/etc/postfix/mysql-virtual_sender.cf" comes before the reject, so from what I known, getting the permission in there would solve my problem. But I did not succeed in finding the right spot for this, any configuration I do in Relay Recipients and Transports does not change anything. Anywhere in this forum it always says "mail_access" should be empty: https://www.howtoforge.com/community/threads/relay-access-denied-when-sending-from-mail-client.63329/#post-303082

    Is this table only to disable mail access, or am I unable to find the right spot to do this? I hope this is not an already answered question but I searched already for a solution here and found nothing.
     
  2. Steini86

    Steini86 Active Member

    So you only want the sender/login check for the authentificated users, not for local users like webserver? Untested, but try playing with reject_authenticated_sender_login_mismatch
    See corresponding man page: http://www.postfix.com/postconf.5.html
     
  3. conrad784

    conrad784 New Member

    Local IPs in `$my_networks` are allowed to send whatever they want to, I only enforce this:
    for my users.
    But I want an authenticated account, which can send whatever it wants to do (like without `reject_authenticated_sender_login_mismatch`, e.g., for a remote webserver which authenticates to my mail relay and does not have to be in `$my_networks`.
     
    Last edited: Nov 4, 2019
  4. Steini86

    Steini86 Active Member

    This function is either on or off. I think, there is no easy solution for that. If you know all the addresses a user should sent mails from, you can define them as aliases (Make an alias in ispconfig, and make sure, "Send as (Allow target to send mail using this alias as origin)" is ticked). I don't know, if wildcard aliases can be done (maybe the database has to be edited by hand for that, look for the sendAs fiel)

    Otherwise you have to edit "/etc/postfix/mysql-virtual_sender_login_maps.cf" to make an exception for a specific user. But I can't help you with that.
    You can add this hostname/IP to $my_networks

    Another thing you could try (untested) is to add "check_sasl_access hash:/etc/postfix/somefilename" as first part of "smtpd_sender_login_maps"
    Than in that file allow the usernames:
    Code:
    username1 OK
    username2 OK

    [edit]
    Found a (slightly different) solution here: https://listi.jpberlin.de/pipermail/postfixbuch-users/2017-January/064906.html
    If you don't know German and google does a bad job translating, I could do that for you.
     
    Last edited: Nov 5, 2019
    conrad784 likes this.
  5. conrad784

    conrad784 New Member

    That's exactly what I was looking for!
    Thank you very much. (Ja ich kann Deutsch, vielen lieben Dank für das Angebot.)
     
    Steini86 likes this.

Share This Page