Re: 553 5.7.1 Sender address rejected: not logged in

From: Bill Cole (postfixlists-070913billmail.scconsult.com)
Date: Thu May 15 2008 - 11:52:43 CDT


At 1:38 PM +0300 5/15/08, AlxFrag imposed structure on a stream of
electrons, yielding:
>Hi,
>
>I've setup postfix as following:
>
>In main.cf:
>
>smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
>
>smtpd_sender_login_maps=ldap:/etc/postfix/local_recipients.cf
>
>smtpd_sender_restrictions=permit_mynetworks,check_sender_access
>hash:/etc/postfix/block_senders,hash:/etc/postfix/my_domains,reject_authenticated_sender_login_mismatch
>
>smtpd_restriction_classes=verify_login
>
>verify_login=reject_sender_login_mismatch

There's your problem.

   reject_sender_login_mismatch
      Reject the request when $smtpd_sender_login_maps specifies an
      owner for the MAIL FROM address, but the client is not (SASL)
      logged in as that MAIL FROM address owner; or when the client is
      (SASL) logged in, but the client login name doesn't own the MAIL
      FROM address according to $smtpd_sender_login_maps.

This is a feature that forces every address that can be looked up in
$smtpd_sender_login_maps (apparently all of your valid local
recipients?) to authenticate in order to be used as a sender. This
feature is not usually suitable on a server that handles anything
other than initial mail submission.

>One of my users usermydomain owns another account to an external
>server userexternal_domain.
>
> In that domain he has placed an alias so as every mail sent to
>userexternal_domain is redirected to usermydomain.
>
>Whenever I try to send an email from my account postmastermydomain
>to userexternal_domain I get the following error:
>
> ----- The following addresses had permanent fatal errors -----
><usermydomain>
> (reason: 553 5.7.1 <postmastermydomain>: Sender address
>rejected: not logged in)
>
> ----- Transcript of session follows -----
>... while talking to myserver.:

That message is generated by the mail server for external_domain,
which is trying to forward the mail to the account in your domain and
is using (correctly) the sender you used for that mail, which is a
local address for you. Since that mail server cannot authenticate as
that local user, your server is doing what you've configured it to
do: reject the mail.

--
Bill Cole
billscconsult.com
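
The check described in the reply above, modelled as an added example (not part of the original message and not Postfix code). It compares reject_sender_login_mismatch with its authenticated-only and unauthenticated-only variants over constructed sessions, including the forwarded-mail case from this thread; the addresses, logins, `verdict` function and reason strings other than "not logged in" are assumptions of the example.

```python
# Model of the sender/login ownership check quoted above.
# All addresses and logins are constructed sample data.

BOTH = "reject_sender_login_mismatch"
AUTH_ONLY = "reject_authenticated_sender_login_mismatch"
UNAUTH_ONLY = "reject_unauthenticated_sender_login_mismatch"

# Constructed stand-in for $smtpd_sender_login_maps: MAIL FROM -> owning logins.
SENDER_LOGIN_MAP = {
    "postmaster@mydomain.example": {"postmaster"},
    "user@mydomain.example": {"user"},
}

def verdict(restriction, mail_from, sasl_login=None, login_map=SENDER_LOGIN_MAP):
    """Return 'DUNNO' (no decision) or 'REJECT: <reason>' for one MAIL FROM."""
    if restriction not in (BOTH, AUTH_ONLY, UNAUTH_ONLY):
        raise ValueError("unknown restriction: " + restriction)
    owners = login_map.get(mail_from.lower(), set())
    if sasl_login is None:
        # Client is not logged in, but the map names an owner for the address.
        if owners and restriction in (BOTH, UNAUTH_ONLY):
            return "REJECT: not logged in"
    elif sasl_login not in owners:
        # Client is logged in, but its login does not own the address.
        if restriction in (BOTH, AUTH_ONLY):
            return "REJECT: login does not own sender"
    return "DUNNO"

# Constructed sessions: (description, MAIL FROM, SASL login or None).
SESSIONS = [
    ("owner submits own mail", "postmaster@mydomain.example", "postmaster"),
    ("login uses another user's address", "postmaster@mydomain.example", "user"),
    ("external server forwards, local sender", "postmaster@mydomain.example", None),
    ("ordinary inbound mail", "someone@elsewhere.example", None),
]

def compare(sessions=SESSIONS):
    """Map each session description to its verdict under all three restrictions."""
    return {desc: {r: verdict(r, sender, login) for r in (BOTH, AUTH_ONLY, UNAUTH_ONLY)}
            for desc, sender, login in sessions}

if __name__ == "__main__":
    for desc, results in compare().items():
        print(desc)
        for restriction, result in results.items():
            print("   %-46s %s" % (restriction, result))
```

In this model the forwarded message is rejected by the combined and unauthenticated-only checks, while the authenticated-only check leaves it undecided because the forwarding server never logs in.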