I want to force senders to use an envelope sender address that's identical to the SASL login username. From the Postfix SASL README I see I should list, in the smtpd_sender_login_maps option, a hash table that has two identical columns and list all valid e-mails, and also specify reject_sender_login_mismatch in smtpd_recipient_restrictions.
But I have MySQL virtual domains and users table, and things aren't like that. For users, I have the following:
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
Where the contents of mysql-virtual_mailboxes.cf is like this:
user = dbuser
password = dbpass
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = dbhost
This returns something like domainname.com/userpart/ for email userpart@domainname.com. That's not listed in the allowed formats in the Postfix documentation.
Should I change the query for a different output format or can I just add reject_sender_login_mismatch to smtpd_recipient_restrictions and the restriction will work? I'm trying the following options:
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_sender_login_mismatch, reject_unknown_sender_domain, permit
