Reject sender and login mismatch doesn't work

Discussion in 'Installation/Configuration' started by topogigio, Sep 9, 2021.

Tags:
  1. topogigio

    topogigio Member

  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    What does 'postconf smtpd_sender_restrictions' show? Also what version of ISPConfig are you running?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Or maybe he is using webmail?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Yes, please also provide logs from mail.log when you send such a message that should not be allowed.
     
  6. topogigio

    topogigio Member

    last one: 3.2.5

    I noticed that the value is mssing in postfix configuration. Tried to uncheck and recheck, still nothing. Tried to add manually the value to postfix config, and it works.
    after this (I tried before to read your message) it reports

    smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender
    postconf: warning: /etc/postfix/main.cf: unused parameter: reject_sender_login_mismatch=true
     
  7. topogigio

    topogigio Member

    no: SMTP on 587
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    That looks correct, so if it's not working, either your sender is permitted via mysql-virtual_sender.cf (ie. a "Postfix whitelist" entry), your client is in mynetworks, or maybe it's not doing what you think (eg. only setting From address, but not actually using a different smtp sender), hence the request for logs.
     
  9. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Did you maybe override smtpd_sender_restrictions for submission service in master.cf?
     
  10. topogigio

    topogigio Member

    No I was able to perform a repro connecting my Thunderbird to an account and sending with a fake sender

    starting from "postconf: warning: /etc/postfix/main.cf: unused parameter: reject_sender_login_mismatch=true" I tried to remove the line I inserted, restart postfix an other time, and recheck.
    it reports now:
    "smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender"
    and no warning

    and it works as expected (sending with a different sender is blocked).
    So it seems that the right value has been added to postfix after my test (and postfix restore), but I cannot explain why.

    meantime thanks for your quick assistance and great job
     

Share This Page