On Tue, Sep 16, 2008 at 09:18:42PM +0200, Henrik Friedrichsen wrote:
> > masquerading *all* sender domains is unwise, there is no reason to expect
> > equivalent name-spaces in domains you do not own. A regexp canonical
> > table can do this, with canonical_classes restricted to "envelope_sender".
> >
> > Your goals don't quite make sense yet, what real problem are you solving?
>
> Okay, let me rephrase. A few people have a shell on my server with
> mutt installed. They are allowed to send mail. However, I don't want
> them to send their mail with for example my username as the sender.
> The sender domain issue is not that much of a problem, though.
>
> An example of what I don't want:
>
> Username peter sends an email, uses "[EMAIL PROTECTED]" as the sender.
>
> Instead, I want it to be rewritten to "[EMAIL PROTECTED]".
> Is there really no solution to that? :(
This is not rewriting (a mapping from a set of input addresses to a set
of output addresses based on the input addresses).
It is anti-spoofing control, and what you are looking for is two features
that Postfix local submission lacks:
1. Only allow *trusted* users to specify the message envelope sender
addresses. All other users of sendmail(1) (really postdrop(1))
get [EMAIL PROTECTED] as the envelope sender address (subject to
further rewriting).
2. Only allow *trusted* users to specify the (Resent-)From: header
and for untrusted users, synthesize the (Resent-)From: header
from <[EMAIL PROTECTED]> and Gecos data.
These features are not in Postfix. Also not in Postix is control of
the "From:" header for SASL authenticated SMTP users. Only the envelope
sender is optionally restricted with smtpd_sender_login_maps.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[EMAIL PROTECTED]>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
