Hello Postfix community,

This may be a feature request. As far as I can tell, it is currently not possible to verify whether an authenticated user has sent email that uses a From: header (after the DATA command) that does not match his/her credentials. The feature https://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch allows the SMTP MAIL FROM: address to be verified against the authenticated user. However, if a user spoofs the From: header inside an email and leaves the SMTP MAIL FROM: matching, it cannot be inspected or verified using any Postfix configuration parameters.

The only way I found is using some third-party software, https://github.com/magcks/milterfrom/ . Is it possible to include this as a feature, so that it is possible for large-scale ISPs to prevent any one user from using another user hosted on the same server? This type of spoofing of the From: header inside the email could go unnoticed, potentially get an SPF-verified delivery and/or even get a DKIM signature, due to the lack of native capability to inspect and reject such misuse. Something like reject_authenticated_from_login_mismatch could be used to distinguish this configuration parameter.

There may be two other minor issues that I can bring up for the Postfix community to comment on:

1. The mailbox_command and delivery pipe programs provide valuable environment variables such as ORIGINAL_RECIPIENT, SENDER, LOGNAME – is it possible to also provide the ESMTP ID internally as another environment variable? This is primarily to identify the delivery transaction via pipe or mailbox_command initiated (perhaps uniquely). https://www.postfix.org/postconf.5.html#mailbox_command

2. The example configuration file ./conf/main.cf incorrectly states a configuration called `default_user`, which should be `default_privs` as I understand.

   Line 455: # Exception: delivery for root is done as $default_user.

Thank you for the great software from Postfix.

Vijay Sarvepalli
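
The header check requested in the message above, sketched as an added example (not Postfix or milterfrom code): it compares every address in the From: header with the SASL login, the way reject_authenticated_sender_login_mismatch compares the envelope sender. The `OWNERS` map, the logins, the function names and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.utils import getaddresses

# Constructed ownership map in the spirit of smtpd_sender_login_maps:
# address -> SASL logins allowed to send as that address (hypothetical users).
OWNERS = {
    "alice@example.com": {"alice"},
    "bob@example.com": {"bob"},
    "sales@example.com": {"alice", "bob"},  # shared role address
}

def check_header_from(sasl_login, raw_message, owners=OWNERS):
    """Return (ok, reason) for the From: header of an authenticated submission."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    from_headers = msg.get_all("From", [])
    # Zero or several From: headers leave it ambiguous which one the
    # recipient's mail client will display, so treat both as a mismatch.
    if len(from_headers) != 1:
        return False, "expected exactly one From: header, got %d" % len(from_headers)
    # Compare the addr-spec only; the display name is free text and may
    # itself contain something that looks like an address.
    addrs = [a.lower() for _, a in getaddresses([str(from_headers[0])]) if a]
    if not addrs:
        return False, "From: header has no parsable address"
    for addr in addrs:
        if sasl_login not in owners.get(addr, set()):
            return False, "%s is not owned by login %s" % (addr, sasl_login)
    return True, "ok"

def sample_message(*header_lines):
    """Build a constructed test message from the given header lines."""
    head = "\r\n".join(header_lines + ("To: carol@example.net", "Subject: test"))
    return (head + "\r\n\r\nbody\r\n").encode()

if __name__ == "__main__":
    for login, line in [
        ("alice", "From: Alice <alice@example.com>"),
        ("alice", "From: Bob <bob@example.com>"),
        ("alice", 'From: "alice@example.com" <bob@example.com>'),
        ("bob", "From: Sales <sales@example.com>"),
    ]:
        print(login, "|", line, "->", check_header_from(login, sample_message(line)))
```
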