Postfix/How_reject_sender_login_mismatch_works
From http://archives.neohapsis.com/archives/postfix/2009-08/0006.html
The postfix documentation regarding reject_sender_login_mismatch:
Specifically the reject_authenticated_* and reject_unauthenticated_* forms, would greatly benefit from this small snippet from the mailing list archives:
I was really not clear on how this worked until finding this.
Although I'm still not sure why the reject_authenticated_* one is useful.
~~~~~~~~~~~~~~~~ snippet from mail archives ~~~~~~~~~~~~~~~~
to sum up:
if foo@example.com can only be used by user 'foo', then use reject_sender_login_mismatch
if foo@example.com must be authenticated (but you don't care who the user is), then use reject_unauthenticated_sender_login_mismatch
if foo@example.com can be used (without auth) OR (if auth'ed, the user must be 'foo'), then use reject_authenticated_sender_login_mismatch
<advanced>
you can implement this on a per sender basis using a check_sender_access with a map that returns one of the above depending on the sender.
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/access_sender_login
== access_sender_login:
joe@example.com reject_sender_login_mismatch
jim@example.com reject_authenticated_sender_login_mismatch
jane@example.com reject_unauthenticated_sender_login_mismatch
foo@example.com DUNNO
example.com reject_sender_login_mismatch</advanced>