1

Topic: Remove 'reject_sender_login_mismatch' and security

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Linux/BSD distribution name and version:  Ubuntu 12.04 LTS
- Related log if you're reporting an issue:
====

If you remove the value 'reject_sender_login_mismatch' from the "smtpd_sender_restrictions" option in the file "/etc/postfix/main.cf", doesn't that make the system less secure?


2

Re: Remove 'reject_sender_login_mismatch' and security

Please refer to the Postfix documentation to see what it means:
http://www.postfix.org/postconf.5.html# … n_mismatch

3 (edited by Gistek-s 2013-03-01 16:15:18)

Re: Remove 'reject_sender_login_mismatch' and security

In case this post helps anyone...

reject_sender_login_mismatch
Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner;
or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.

smtpd_sender_login_maps (default: empty)
Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses.
Specify zero or more "type:table" lookup tables. With lookups from indexed files such as DB or DBM, or from networked tables such as NIS, LDAP or SQL, the following search operations are done with a sender address of user@domain:
1) user@domain
    This table lookup is always done and has the highest precedence.
2) user
    This table lookup is done only when the domain part of the sender address matches $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.
3) @domain
    This table lookup is done last and has the lowest precedence.
In all cases the result of table lookup must be either "not found" or a list of SASL login names separated by comma and/or whitespace.


sender_login_maps.cf default code with iRedMail-8.0.3:

user        = xxxxx
password    = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
hosts       = xxx.x.x.x
port        = xxxx
dbname      = xxxxx
query       = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.e$
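
The rule quoted in the post above, modelled as an added example (not part of the original thread, and not Postfix or iRedMail code). It shows which SASL login / MAIL FROM pairs the restriction rejects, following the documented three-step lookup order; the table contents, domains and function names are constructed for illustration, and senders are assumed to be of the form user@domain.

```python
import re

# Constructed table standing in for $smtpd_sender_login_maps:
# lookup key -> SASL login names that own the sender address.
SENDER_LOGIN_MAPS = {
    "alice@example.com": "alice@example.com",
    "sales@example.com": "alice@example.com, bob@example.com",
    "vip@example.org": "ceo@example.org",
    "@example.org": "relay@example.org",
    "root": "admin@example.com",
}
# Constructed stand-in for the domains matched by $myorigin, $mydestination, etc.
LOCAL_DOMAINS = {"mail.example.com"}


def lookup_owners(sender, table=SENDER_LOGIN_MAPS, local_domains=LOCAL_DOMAINS):
    """Return the set of SASL logins owning `sender`, or None for "not found"."""
    user, _, domain = sender.lower().rpartition("@")
    keys = [f"{user}@{domain}"]      # 1) always done, highest precedence
    if domain in local_domains:
        keys.append(user)            # 2) only when the domain is local
    keys.append(f"@{domain}")        # 3) done last, lowest precedence
    for key in keys:
        if key in table:
            # Result is a list separated by comma and/or whitespace.
            return {n.lower() for n in re.split(r"[,\s]+", table[key]) if n}
    return None


def reject_sender_login_mismatch(sender, sasl_login):
    """True when the rule as documented would reject this MAIL FROM."""
    owners = lookup_owners(sender)
    if sasl_login is None:
        # Not logged in: rejected only if the address has an owner.
        return owners is not None
    # Logged in: rejected unless this login owns the address.
    return owners is None or sasl_login.lower() not in owners


def rejected_sessions(sessions):
    """Filter (sasl_login, mail_from) pairs down to those the rule rejects."""
    return [s for s in sessions if reject_sender_login_mismatch(s[1], s[0])]
```

Every pair returned by `rejected_sessions` is one that this restriction alone stops; without it, acceptance depends on whatever other restrictions remain in `smtpd_sender_restrictions`.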