From: mouss on
Коньков Евгений a écrit :
> Hello, Postfix-users.
>
> 1. which option cause to warn:
> reject_unknown_sender_domain reject_sender_login_mismatch reject_unverified_sender
> ?
> It will be cleaner if:
> ... Sender address rejected by 'reject_sender_login_mismatch' ...
>

the three reject_* that yoi cited cause different rejection messages, so
there is no ambiguity once you know which says what.

> 2. and why it is warn if I am an authenticated user?
>

because you have
warn_if_reject reject_sender_login_mismatch

>
> Jan 27 00:40:05 kes postfix/smtpd[81143]: connect from unknown[10.10.16.18]
> Jan 27 00:40:05 kes dovecot: auth(default): client in: AUTH 1 CRAM-MD5 service=smtp nologin
> Jan 27 00:40:05 kes dovecot: auth(default): client out: CONT 1 PDc5NjIxMjAzODg4ODg1NjkuMTI2NDU0NTYwNUBrZXMubmV0LnVhPg==
> Jan 27 00:40:05 kes dovecot: auth(default): client in: CONT 1 a2VzQGtlcy5uZXQudWEgOTU0NjcxZjA1YThkZTgxMzg3OWFlMDc4NGJhNTQyOWI=
> Jan 27 00:40:05 kes dovecot: auth(default): passwd-file(asdf): lookup: user=kes file=/usr/local/etc/postfix/users/asdf/mailboxes
> Jan 27 00:40:05 kes dovecot: auth(default): password(asdf): Credentials: 5ac863f0b34f7a3062b61ad8491ff1291fa1cc2ef57c3bed63c85348107694b1
> Jan 27 00:40:05 kes dovecot: auth(default): client out: OK 1 user=asdf
> Jan 27 00:40:05 kes postfix/smtpd[81143]: NOQUEUE: reject_warning:
> RCPT from unknown[10.10.16.18]: 553 5.7.1 <asdf>: Sender address rejected: not owned by user asdf;from=<asdf> to=<E.K(a)some.domain.com> proto=ESMTP helo=<HOMEUSER>
> Jan 27 00:40:05 kes postfix/smtpd[81143]: 70ABC33C42: client=unknown[10.10.16.18], sasl_method=CRAM-MD5, sasl_username=asdf
>
> config file:
>
> smtpd_helo_required = yes
> smtpd_reject_unlisted_sender = yes
> #smtpd_helo_restrictions = reject_unknown_helo_hostname
> #smtpd_client_restrictions = permit_mynetworks, reject
> smtpd_sender_restrictions =
> warn_if_reject reject_unknown_sender_domain
> warn_if_reject reject_sender_login_mismatch
> warn_if_reject reject_unverified_sender
> smtpd_data_restrictions = reject_unauth_pipelining
>
>
>
> #smtpd_client_restrictions =
> # check_client_access hash:/usr/local/etc/postfix/access
>
> smtpd_recipient_restrictions =
> check_recipient_access hash:/usr/local/etc/postfix/access

put this elsewhere (such as under smtpd_sender_restrictions.. avoid
check_* before rject_unauth_destination, because an error will make you
relay mail that you wouldn't want to relay.


> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> warn_if_reject reject_unknown_recipient_domain
> warn_if_reject reject_unverified_recipient
>
>
>