Patrick wrote:
I have Postfix set up using virtual domains with sasl enabled such that to
send an e-mail they need to login with "usern...@domain.com".
As it is, however, when a user logs in to the smtpd, they can thereafter
treat my mail server as an open relay & forge their "Mail From" address to
come from anything, even another user on the mail server.
Is it possible to have postfix reject any "Mail From" address which is
different than the one they used to log in with?
If you can create a map of which sender address(es) a given SASL login
may use, you can enforce the above with the following sender restrictions:
- reject_sender_login_mismatch
- reject_authenticated_sender_login_mismatch
- reject_unauthenticated_sender_login_mismatch
