The FROM_ACCESS mapping table may be used to control who can send mail, or to override purported From: addresses with authenticated addresses, or both.
The input probe string to the FROM_ACCESS mapping table is similar to that for a MAIL_ACCESS mapping table, minus the destination channel and address, and with the addition of authenticated sender information, if available. Thus if a FROM_ACCESS mapping table exists, then for each attempted message submission PMDF will probe the table with a probe string of the form (note the use of the vertical bar character, |)
  port_access-probe-info|app-info|submit-type|src-channel|from-address|auth-from

Here port_access-probe-info consists of all the information usually included in a PORT_ACCESS mapping table probe in the case of incoming SMTP messages, or will be blank otherwise, and app-info will usually be SMTP in the case of messages submitted via SMTP, and blank otherwise. submit-type may be one of MAIL, SEND, SAML, or SOML, corresponding to how the message was submitted into PMDF. Normally the value is MAIL, meaning it was submitted as a message; SEND, SAML, or SOML can occur in the case of broadcast requests (or combined broadcast/message requests) submitted to the SMTP server. src-channel is the channel originating the message (i.e., queueing the message); from-address is the address of the message's purported originator; and auth-from is the authenticated originator address, if such information is available, or blank if no authenticated information is available.
Now, if the probe string matches a pattern (i.e., the left hand side of an entry in the table), then the resulting output of the mapping is checked. If the output contains the flags $Y or $y, then the enqueue for that particular To: address is permitted. If the mapping output contains any of the flags $N, $n, $F, or $f, then the enqueue to that particular address is rejected. In the case of a rejection, optional rejection text may be supplied in the mapping output. This string will be included in the rejection error PMDF issues.² If no string is output (other than the $N, $n, $F, or $f flag), then default rejection text will be used. See Table 16-1 for descriptions of additional flags.
Besides determining whether to allow a message to be submitted based on the originator, FROM_ACCESS can also be used to alter the envelope From: address or Sender: header address on an accepted message. At the simplest level, this mapping table can perform the same function as the authrewrite channel keyword; see Section 2.3.4.43. For instance, the following FROM_ACCESS mapping table is equivalent to having authrewrite 2 on the tcp_local channel.
FROM_ACCESS

  *|SMTP|*|tcp_local|*|      $Y
  *|SMTP|*|tcp_local|*|*     $Y$K$3
However, the real purpose of FROM_ACCESS is to permit more complex and subtle alterations. For instance, perhaps you wish to force a Sender: header only in cases where the addresses differ, with subaddresses not being considered to constitute a difference, as illustrated in the following table:
FROM_ACCESS

! If no authenticated address is available, do nothing
  *|SMTP|*|tcp_local|*|                 $Y
! If authenticated address matches envelope From:, do nothing
  *|SMTP|*|tcp_local|*|$2*              $Y
! If authenticated address matches envelope From: sans subaddress, do nothing
  *|SMTP|*|tcp_local|*+*@*|$2*@$4*      $Y
! Fall through to...
! ...authenticated address present, but didn't match, so force Sender: header
  *|SMTP|*|tcp_local|*|*                $Y$K$3
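The decision the table above encodes can be checked offline before the table is deployed. The following Python model is an added example, not PMDF code: the function names and the sample probe values are constructed for illustration, and case-insensitive comparison of addresses is an assumption.

```python
# Model of the four entries in the subaddress-aware FROM_ACCESS table above.
# Not PMDF's matcher: it reproduces only the outcome of those four patterns.

def strip_subaddress(addr):
    """user+sub@domain -> user@domain; other addresses are returned unchanged."""
    local, at, domain = addr.rpartition("@")
    if not at or "+" not in local:
        return addr
    return local.split("+", 1)[0] + "@" + domain

def sender_decision(probe):
    """Return (entry_number, forced_sender) for a FROM_ACCESS probe string."""
    # port_access-probe-info contains '|' itself, so take the five
    # trailing fields from the right-hand end of the probe.
    _port, app, _submit, chan, frm, auth = probe.rsplit("|", 5)
    if app.upper() != "SMTP" or chan.lower() != "tcp_local":
        return (None, None)            # no entry in this table applies
    if auth == "":
        return (1, None)               # no authenticated address: do nothing
    f, a = frm.lower(), auth.lower()   # assumption: case-insensitive match
    if f == a:
        return (2, None)               # From: equals authenticated address
    if strip_subaddress(f) == a:
        return (3, None)               # differs only by a From: subaddress
    return (4, auth)                   # mismatch: Sender: forced to auth-from

# Constructed PORT_ACCESS-style prefix (documentation address ranges).
SAMPLE_PORT_INFO = "TCP|192.0.2.10|25|198.51.100.7|51234"

def probe(from_addr, auth_from, channel="tcp_local"):
    """Build a probe in the field order given earlier on this page."""
    return "|".join([SAMPLE_PORT_INFO, "SMTP", "MAIL", channel,
                     from_addr, auth_from])

if __name__ == "__main__":
    cases = [("alice@example.com", ""),
             ("alice+lists@example.com", "alice@example.com"),
             ("alice@example.com", "alice+lists@example.com"),
             ("bob@example.com", "alice@example.com")]
    for frm, auth in cases:
        print(frm, "|", auth, "->", sender_decision(probe(frm, auth)))
```

Note the asymmetry the model exposes: the third entry only ignores a subaddress on the envelope From: side, so an authenticated address that itself carries a subaddress falls through to the last entry and gets a Sender: header.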