I installed postfix, everything seems to be ok, except that user can send
mail chcnging mail from:, I changed restrictions not to let to do it:
smtpd_sender_restrictions =
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject_non_fqdn_sender
and
smtpd_sender_login_maps = mysql:/etc/mail/mysql_access.cf
So in this setings user can`t send mail, mailer sends him "Sender address
rejected: not logged in (in reply to end of DATA command"
and in maillog i got :
"NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 553 seba@mydoamian.net:
Sender address rejected: not logged in; from=<seba@mydoamian.net>
to=<seba@mydoamian1.net> proto=ESMTP helo=<localhost>"

In mysql/log i see that correct query was sending to mysql, if i type that
query everything is ok
I don`t know what to do
My postconf -n
postconf -n
alias_maps = hash:/etc/mail/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/mail
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_privs = nobody
default_process_limit = 3
disable_vrfy_command = yes
header_checks = regexp:/etc/mail/header_checks
home_mailbox = Maildir
inet_interfaces = $myhostname, localhost
local_destination_concurrency_limit = 2
mail_name = PLD - $myhostname
mail_owner = postfix
mailbox_size_limit = 100000000
maps_rbl_domains = relays.ordb.org
maximal_queue_lifetime = 3d
message_size_limit = 10000000
mydestination = 1mydoamian.net
mydomain = $myhostname
myhostname = 2mydoamian.net
mynetworks = 127.0.0.0/8
myorigin = $myhostname
queue_directory = /var/spool/postfix
queue_run_delay = 30m
relay_domains = 1mydoamian.net
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name. We block/report all spam.
smtpd_client_restrictions = permit_sasl_authenticated,reject_rbl_client
relays.ordb.org,reject_rbl_client dnsbl.njabl.org
smtpd_error_sleep_time = 5
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_recipient_limit = 10
smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject _unknown_recipient_domain,reject_unauth_destinatio n,reject_non_fqdn_recipient
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = mysql:/etc/mail/mysql_access.cf
smtpd_sender_restrictions = reject_sender_login_mismatch,
permit_sasl_authenticated, reject_non_fqdn_sender
smtpd_soft_error_limit = 30
smtpd_tls_cert_file = /etc/ssl/mail/apache.crt
smtpd_tls_key_file = /etc/ssl/mail/apache.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
unknown_address_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = mysql:/etc/mail/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:62
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = mysql:/etc/mail/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/mail/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 62
virtual_transport = virtual
virtual_uid_maps = static:62

rafal brzoskowski wrote:
> I installed postfix, everything seems to be ok, except that user can send
> mail chcnging mail from:, I changed restrictions not to let to do it:
> smtpd_sender_restrictions =
> reject_sender_login_mismatch,
> permit_sasl_authenticated,
> reject_non_fqdn_sender
> and
> smtpd_sender_login_maps = mysql:/etc/mail/mysql_access.cf
> So in this setings user can`t send mail, mailer sends him "Sender address
> rejected: not logged in (in reply to end of DATA command"
> and in maillog i got :
> "NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 553 seba@mydoamian.net:
> Sender address rejected: not logged in; from=<seba@mydoamian.net>
> to=<seba@mydoamian1.net> proto=ESMTP helo=<localhost>"
>
> In mysql/log i see that correct query was sending to mysql, if i type that
> query everything is ok
> I don`t know what to do
> My postconf -n
> postconf -n
> alias_maps = hash:/etc/mail/aliases
> biff = no
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/mail
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> default_privs = nobody
> default_process_limit = 3
> disable_vrfy_command = yes
> header_checks = regexp:/etc/mail/header_checks
> home_mailbox = Maildir
> inet_interfaces = $myhostname, localhost
> local_destination_concurrency_limit = 2
> mail_name = PLD - $myhostname
> mail_owner = postfix
> mailbox_size_limit = 100000000
> maps_rbl_domains = relays.ordb.org
> maximal_queue_lifetime = 3d
> message_size_limit = 10000000
> mydestination = 1mydoamian.net
> mydomain = $myhostname
> myhostname = 2mydoamian.net
> mynetworks = 127.0.0.0/8
> myorigin = $myhostname
> queue_directory = /var/spool/postfix
> queue_run_delay = 30m
> relay_domains = 1mydoamian.net
> setgid_group = maildrop
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name. We block/report all spam.
> smtpd_client_restrictions = permit_sasl_authenticated,reject_rbl_client
> relays.ordb.org,reject_rbl_client dnsbl.njabl.org
> smtpd_error_sleep_time = 5
> smtpd_hard_error_limit = 5
> smtpd_helo_required = yes
> smtpd_recipient_limit = 10
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,permit_mynetworks,reject _unknown_recipient_domain,reject_unauth_destinatio n,reject_non_fqdn_recipient
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_login_maps = mysql:/etc/mail/mysql_access.cf
> smtpd_sender_restrictions = reject_sender_login_mismatch,
> permit_sasl_authenticated, reject_non_fqdn_sender
> smtpd_soft_error_limit = 30
> smtpd_tls_cert_file = /etc/ssl/mail/apache.crt
> smtpd_tls_key_file = /etc/ssl/mail/apache.key
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> unknown_address_reject_code = 550
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = $virtual_alias_maps
> virtual_alias_maps = mysql:/etc/mail/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:62
> virtual_mailbox_base = /var/mail
> virtual_mailbox_domains = mysql:/etc/mail/mysql_virtual_domains_maps.cf
> virtual_mailbox_limit = 51200000
> virtual_mailbox_maps = mysql:/etc/mail/mysql_virtual_mailbox_maps.cf
> virtual_minimum_uid = 62
> virtual_transport = virtual
> virtual_uid_maps = static:62


The error message would indicate that the user is listed in the
mysql_access.cf file, and didn't authenticate. Or the user did authenticate
and there was no match found in your mysql_access.cf file.


In your maillog file for the above example, was there an entry showing that
the user actually logged in using SASL? It would look something like:

Apr 9 14:42:50 your_hostname postfix/smtpd[10457]: 9A9072A4576: client=locaclhost[127.0.0.1],
sasl_method=DIGEST-MD5, sasl_username=seba

If not, that's the problem; he went SMTP instead of authenticated SMTP.

If he did authenticate, what is the user's SASL logname, and what does his entry
look like in the /etc/mail/mysql_access.cf file ?

--
Greg