I'm running a fresh Zimbra 8.8.10 server with enforcement between the From address and the SASL username configured as explained here: https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5.
I understand that the recommended way to add extra allowed addresses is:
- zimbraAllowFromAddress for external addresses;
- grant to sendAs for local account;
- grant to sendAsDistList for local distribution list.
It works as expected from the web interface, but when using an external mailer, the MTA denies with "Sender address rejected: not owned by user".
That makes sense when you read the code in /opt/zimbra/conf/ldap-slm.cf: nothing matches the permissions granted in user or list accounts.
If I understand correctly, it works in the web interface because the MTA trusts the network via permit_mynetworks, so the checks are bypassed.
Currently, I worked around that with a slm-exceptions-db. But I need to keep this file in sync with the permissions granted to user and list accounts. Not to mention that slm-exceptions-db overrides values defined in the LDAP config, so the merge is not trivial.
Is this expected behavior? Did I miss a better way to configure this?
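
Added example, not part of the original post and not Zimbra's own code: one way to handle the merge problem described above is to regenerate the whole exceptions table from the grants, carrying the owning logins over so that the override does not lock owners out. The input shapes, account names and the non-send right are constructed; the output uses the Postfix sender-login table layout (address, then comma-separated logins).

```python
from collections import defaultdict

# Constructed sample data; the input shapes are assumptions, not Zimbra output.
LDAP_OWNERS = {"alice@example.com": {"alice@example.com"}}  # sender -> owning logins
GRANTS = [                                                   # (target, right, grantee)
    ("alice@example.com", "sendAs", "bob@example.com"),
    ("sales@example.com", "sendAsDistList", "bob@example.com"),
    ("sales@example.com", "sendAsDistList", "carol@example.com"),
    ("alice@example.com", "someOtherRight", "dave@example.com"),  # hypothetical, ignored
]
ALLOW_FROM = {"carol@example.com": ["carol@partner.example"]}  # zimbraAllowFromAddress
SEND_RIGHTS = {"sendAs", "sendAsDistList"}


def norm(addr):
    """Lower-case an address and refuse characters that would break a table line."""
    addr = addr.strip().lower()
    if not addr or any(c.isspace() or c == "," for c in addr):
        raise ValueError(f"unsafe address: {addr!r}")
    return addr


def build_exceptions(ldap_owners, grants, allow_from):
    """Return {sender address: set of SASL logins allowed to use it}."""
    table = defaultdict(set)
    for target, right, grantee in grants:
        if right in SEND_RIGHTS:
            table[norm(target)].add(norm(grantee))
    for account, addresses in allow_from.items():
        for addr in addresses:
            table[norm(addr)].add(norm(account))
    # The exceptions entry overrides the LDAP result, so carry the owners over.
    owners = {norm(k): {norm(o) for o in v} for k, v in ldap_owners.items()}
    for sender in table:
        table[sender] |= owners.get(sender, set())
    return dict(table)


def render(table):
    """Render 'sender login1,login2' lines, sorted so diffs stay reviewable."""
    return "\n".join(f"{s} {','.join(sorted(table[s]))}" for s in sorted(table)) + "\n"


if __name__ == "__main__":
    print(render(build_exceptions(LDAP_OWNERS, GRANTS, ALLOW_FROM)), end="")
```

Because the output is sorted and regenerated in full, a diff against the previous file shows exactly which logins gained or lost the ability to send as each address.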