Discussion:
DSN only for SASL-Authenticated users ?
Marek Salwerowicz
2016-07-20 10:09:24 UTC
Hi list,

I have disabled globally DSN in my main.cf:
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/dsn_access

/etc/postfix/dsn_access:

# block following
0.0.0.0/0 silent-discard, dsn
::/0 silent-discard, dsn


Would it be possible to allow "outgoing" DSN only for my
(sasl-authenticated) users?


Cheers,

Marek
Wietse Venema
2016-07-20 10:53:54 UTC
Post by Marek Salwerowicz
> Hi list,
> smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/dsn_access
> # block following
> 0.0.0.0/0 silent-discard, dsn
> ::/0 silent-discard, dsn
> Would it be possible to allow "outgoing" DSN only for my
> (sasl-authenticated) users?

No. As defined in RFC 1869, extension negotiation (AUTH, 8BITMIME,
DSN, ...) happens BEFORE authentication.

It might be possible to have a different discard_ehlo_keyword feature
after STARTTLS, but there hasn't been overwhelming demand.

Wietse
/dev/rob0
2016-07-20 17:10:55 UTC
Post by Marek Salwerowicz
> smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/dsn_access
> # block following
> 0.0.0.0/0 silent-discard, dsn
> ::/0 silent-discard, dsn
> Would it be possible to allow "outgoing" DSN only for my
> (sasl-authenticated) users?

It is if your users' submission is completely separate from MX
("incoming") mail.

main.cf:

smtpd_discard_ehlo_keyword_address_maps =
    cidr:/etc/postfix/dsn_access
smtpd_relay_restrictions = reject_unauth_destination
mua_relay_restrictions = permit_sasl_authenticated,
    reject

master.cf:

submission inet n - n - - smtpd
  -o smtpd_discard_ehlo_keyword_address_maps=
  -o smtpd_relay_restrictions=$mua_relay_restrictions
  -o smtpd_recipient_restrictions=
  ... (the other option overrides as you probably already have)

Thus users will be unable to submit mail on port 25 except for mail
to your other users.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
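
One way to check the port split described in the reply above, added here as an example and not code from the thread: it parses the EHLO reply of each service and reports whether DSN is hidden on port 25 and offered on submission. The sample replies and the name mail.example.com are constructed, and `fetch_ehlo` is a hypothetical helper for probing a live server.

```python
import smtplib

# Constructed sample EHLO replies (not captured from a real server).
MX_REPLY = (
    "250-mail.example.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250 8BITMIME\r\n"
)
SUBMISSION_REPLY = (
    "250-mail.example.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-AUTH PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\n"
)


def ehlo_keywords(reply):
    """Return the set of extension keywords in a raw multi-line EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:  # line 1 is the server name, not a keyword
        parts = line[4:].split()         # drop the "250-" / "250 " prefix
        if line.startswith("250") and parts:
            keywords.add(parts[0].upper())
    return keywords


def check_dsn_policy(mx_reply, submission_reply):
    """List deviations from: DSN hidden on port 25, offered on submission."""
    findings = []
    if "DSN" in ehlo_keywords(mx_reply):
        findings.append("port 25 advertises DSN")
    if "DSN" not in ehlo_keywords(submission_reply):
        findings.append("submission does not advertise DSN")
    return findings


def fetch_ehlo(host, port, timeout=10):
    """Hypothetical helper: fetch the pre-authentication EHLO reply from a live server."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        code, message = conn.ehlo()
    # smtplib strips the reply codes; put them back so ehlo_keywords() can parse it.
    return "\r\n".join(f"{code}-{line}" for line in message.decode().splitlines())


if __name__ == "__main__":
    print(check_dsn_policy(MX_REPLY, SUBMISSION_REPLY) or "DSN policy matches")
```

Because the keyword list is sent in the EHLO reply, before any AUTH command, the probe needs no credentials.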