mouss wrote:
Chris St Denis wrote:
I need to add support for (multi-recipient) aliases that are only able to receive messages from selected users.

I was initially looking at mailman or majordomo, however from what I understand of them, they authenticate only on the from address so it looks like it would be easy to forge. (Correct me if this is wrong).


There is no way to prevent strangers from forging stranger identities. This is not specific to email (if I call you on the phone, I can say that I am foo bar, provided you don't know foo bar enough to detect the forgery).

You can enforce authentication for _your_ users. You can also refuse mail from external servers with a sender in your domain.

So go for a mailing list manager.

I also thought of smtpd_restriction_classes however that is also subject to easy spoofing and the documentation even says "Postfix restriction classes aren't really the right solution"


There is no way to prevent forgery. All you can do is make it harder by requiring a login:password. But even this only reduces risks.


So I am wondering. What IS a good way to do this. Optimally, I would like to restrict based on the SASL username.

Enforce login and sender match. Then restrict based on sender.
Looking through the docs it looks like I can use smtpd_sender_login_maps and smtpd_sender_restrictions with reject_sender_login_mismatch

However I want to apply this only to selected destination addresses and I'm not sure how to go about this.

Can I use reject_sender_login_mismatch (or something similar) in a recipient map?

Does smtpd_sender_login_maps have to contain all addresses on the server, or just the ones I care about?


Optimally, I want to apply reject_sender_login_mismatch only to users when sending to specific addresses. Reject if the check fails, but not check for sending to anywhere else.


Dealing with forgeries from the internet isn't a big concern because incoming mail comes in on a different IP, I can just block all incoming mail with from: locally hosted domain. It is preventing senders from one local domain from spoofing another for these restricted aliases that needs protection.
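
Added example, not part of the original thread or of Postfix itself: a minimal Postfix policy-delegation service that restricts selected recipient addresses by SASL login rather than by the forgeable MAIL FROM address, and leaves every other recipient alone. It assumes the script is run through Postfix's check_policy_service restriction in smtpd_recipient_restrictions; the addresses and logins in RESTRICTED are constructed samples.

```python
"""Policy decision for restricted aliases, keyed on SASL login, not MAIL FROM."""
import sys

# Constructed sample policy: restricted alias -> SASL logins allowed to post.
# Keys and logins are stored lowercase because lookups are case-folded.
RESTRICTED = {
    "staff@example.com": {"alice", "bob@example.com"},
    "board@example.org": {"carol"},
}

def parse_request(lines):
    """Parse one policy request (name=value lines, blank line ends it)."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, restricted=RESTRICTED):
    """Return the action for one RCPT TO; the sender attribute is never trusted."""
    allowed = restricted.get(attrs.get("recipient", "").lower())
    if allowed is None:
        return "DUNNO"  # not a restricted alias: later restrictions decide
    login = attrs.get("sasl_username", "").lower()
    if not login:
        return "REJECT authentication required to post to this address"
    if login not in allowed:
        return "REJECT not authorized to post to this address"
    return "DUNNO"  # authorized login: fall through to the normal rules

def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer one request per blank-line-terminated block until EOF."""
    request = []
    for line in stdin:
        if line.strip():
            request.append(line)
            continue
        if request:
            stdout.write("action=%s\n\n" % decide(parse_request(request)))
            stdout.flush()
        request = []

if __name__ == "__main__":
    serve()
```

Because the decision uses only the recipient and sasl_username attributes, a user from one local domain who forges another domain's sender address is still rejected for the restricted aliases.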

