= Postfix/How_reject_sender_login_mismatch_works =

From http://archives.neohapsis.com/archives/postfix/2009-08/0006.html

----
The postfix documentation regarding reject_sender_login_mismatch:
 * http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
 * http://www.postfix.org/SMTPD_ACCESS_README.html

Specifically the `reject_authenticated_*` and `reject_unauthenticated_*` forms, would greatly benefit from this small snippet from the mailing list archives:
 * http://archives.neohapsis.com/archives/postfix/2009-01/0523.html

I was really not clear on how this worked until finding this.

Although I'm still not sure why the `reject_authenticated_*` one is useful.


~~~~~~~~~~~~~~~~ snippet from mail archives ~~~~~~~~~~~~~~~~

to sum up:

 * if foo@example.com can only be used by user 'foo', then use `reject_sender_login_mismatch`
 * if foo@example.com must be authenticated (but you don't care who the user is), then use `reject_unauthenticated_sender_login_mismatch`
 * if foo@example.com can be used (without auth) OR (if auth'ed, the user must be 'foo'), then use `reject_authenticated_sender_login_mismatch`

<advanced>

you can implement this on a per sender basis using a `check_sender_access` with a map that returns one of the above depending on the sender.

{{{
smtpd_sender_restrictions =
       check_sender_access hash:/etc/postfix/access_sender_login

== access_sender_login:
joe@example.com reject_sender_login_mismatch
jim@example.com reject_authenticated_sender_login_mismatch
jane@example.com reject_unauthenticated_sender_login_mismatch
foo@example.com DUNNO
example.com reject_sender_login_mismatch
}}}
</advanced>