*) You should remove it from Postfix, that's why you need this plugin for per-user restriction.
It works now. I just updated the plugin a little:
"""Reject sender login mismatch (sender in mail header and SASL username)."""
from libs import SMTP_ACTIONS
REQUIRE_LOCAL_SENDER = False
REQUIRE_LOCAL_RECIPIENT = False
SENDER_SEARCH_ATTRLIST = 
RECIPIENT_SEARCH_ATTRLIST = 
# Allow sender login mismatch for below senders.
ALLOWED_SENDERS = ['firstname.lastname@example.org']
# The sender appears in 'From:' header.
sender = kwargs['sender']
# Username used to perform SMTP auth
sasl_username = kwargs['smtp_session_data'].get('sasl_username', '').lower()
logging.debug('Sender: %s, SASL username: %s' % (sender, sasl_username))
if sasl_username: # Is a outgoing email
# Compare them
if sender != sasl_username:
if sasl_username in ALLOWED_SENDERS:
# Log message without reject.
logging.info('Sender login mismatch.')
# Reject without reason.
# Reject with reason.
# There must be a space between smtp action and reason text.
return SMTP_ACTIONS['reject'] + ' ' + 'Sender login mismatch.'
Within the "else" tree, there was no return statement active.
So it always returned SMTP_ACTIONS['default'] even if it should have returned SMTP_ACTIONS['reject'].
Thank you very much! A very nice feature!