Score:0

postfix: how to limit user (SASL login) to only one RCPT TO?

cn flag

I run mail server which receives daily reports from many systems, IoT and cloud ones. All these systems use one SASL user ([email protected]) to login to this mail server and send these reports.

All reports must go to one and only one recipient. But senders (MAIL FROM) are all different, as they are originated on different systems.

Now, if this shared login is compromised, it could be used to send spam.

Could I limit this SASL login (not sender!) to only one RCPT TO?

I know, this could be done with combination of smtpd_sender_login_maps, smtpd_sender_restrictions, restriction classes and check_recipient_access, but it requires to edit smtpd_sender_login_maps each time I need to add new source of report, as it maps senders to SASL login.

Maybe, it is possible to restrict logged user (SASL login) and not sender?

Another protection will be to automatically redirect all mail by SASL login (not sender, again!) to one and only one recipient, no matter what was in RCPT TO, maybe it is possible?

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.