Oliver Egginger wrote:
> Hello,
>
> I want to check the domain of the (envelope) sender address if a user is
> authenticated. Authenticated users are allowed to relay through
> our mailgate but only if they use a local sender address. I'm at a loss
> at the moment. The acl_smtp_auth ACL would be a nice place for doing
> this, but the AUTH command could happen before the MAIL FROM command
> appears, I think. Also I can't restrict everybody to local sender
> addresses, because I want to receive mail from the internet from everyone for
> our local users.
>
> At the moment I got this acl:
>
> ------------
>
> acl_check_rcpt:
>
>   deny    local_parts = ^.*[@%!/|] : ^\\.
>
>   accept  local_parts = postmaster
>           domains     = +local_domains
>
>   require verify = sender/callout
>   require verify = recipient
>
>   accept  domains = +relay_to_domains
>   accept  authenticated = *
>
>   deny    message = relay not permitted
>
> ---------
>
> This seems to work fine but authenticated users can use every address
> they like. How can I restrict them to local addresses (domains)?
> Every hint would be appreciated.
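
acl_smtp_mail = acl_check_mail

acl_check_mail:
  # Reject authenticated sessions whose envelope sender is not in a local domain
  deny   !sender_domains = +local_domains
         authenticated   = *
  # Without a final accept, the ACL would end in an implicit deny
  accept

But it is overly restrictive, I think. A

  warn   message       = X-Authenticated-Sender: $authenticated_id
         authenticated = *

would be more appropriate.

Regards
Olivier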
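
The MAIL-time check from the reply, placed in a configuration skeleton, as an added example that is not from either poster. The `local_domains` value is a constructed placeholder, and exempting the null sender `<>` is an assumption about local policy.

```exim
# --- main configuration section ---
# Constructed placeholder: replace with the site's real local domains.
domainlist local_domains = example.org

# Run acl_check_mail for every MAIL FROM command.
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # AUTH cannot be issued inside a mail transaction, so by the time
  # MAIL FROM arrives the session is either authenticated or not, and
  # "authenticated" can be combined with the envelope sender here.
  #
  # Assumption: authenticated clients may still use the null sender <>,
  # which has no domain and would otherwise fail the sender_domains test.
  deny    message         = authenticated clients must use a local sender address
          authenticated   = *
          !senders        = :
          !sender_domains = +local_domains

  # Everything else passes the MAIL stage. Unauthenticated mail from the
  # internet is still checked by acl_check_rcpt. The explicit accept is
  # needed because an ACL that ends without a verdict denies implicitly.
  accept
```

Comments are kept on their own lines because Exim does not treat a `#` in the middle of a setting as a comment.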