On Tue, Sep 16, 2008 at 03:45:52PM -0400, Victor Duchovni wrote:
> On Tue, Sep 16, 2008 at 09:18:42PM +0200, Henrik Friedrichsen wrote:
>
> > > masquerading *all* sender domains is unwise, there is no reason to expect
> > > equivalent name-spaces in domains you do not own. A regexp canonical
> > > table can do this, with canonical_classes restricted to "envelope_sender".
> > >
> > > Your goals don't quite make sense yet, what real problem are you solving?
> >
> > Okay, let me rephrase. A few people have a shell on my server with
> > mutt installed. They are allowed to send mail. However, I don't want
> > them to send their mail with for example my username as the sender.
> > The sender domain issue is not that much of a problem, though.
> >
> > An example of what I don't want:
> >
> > Username peter sends an email, uses "[EMAIL PROTECTED]" as the sender.
> >
> > Instead, I want it to be rewritten to "[EMAIL PROTECTED]".
> > Is there really no solution to that? :(
>
> This is not rewriting (a mapping from a set of input addresses to a set
> of output addresses based on the input addresses).
>
> It is anti-spoofing control, and what you are looking for is two features
> that Postfix local submission lacks:
>
> 1. Only allow *trusted* users to specify the message envelope sender
> addresses. All other users of sendmail(1) (really postdrop(1))
> get [EMAIL PROTECTED] as the envelope sender address (subject to
> further rewriting).
>
> 2. Only allow *trusted* users to specify the (Resent-)From: header
> and for untrusted users, synthesize the (Resent-)From: header
> from <[EMAIL PROTECTED]> and Gecos data.
How do I set that rule?
>
> These features are not in Postfix. Also not in Postix is control of
> the "From:" header for SASL authenticated SMTP users. Only the envelope
> sender is optionally restricted with smtpd_sender_login_maps.
The users are not SASL authenticated..
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:[EMAIL PROTECTED]>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
