To be honest, you still likely want authentication. Keep in mind that you don't need to authenticate as a single user for roundcube but rather you can have roundcube pass authentication through from it's own user login and therefore support multiple users while also allowing postfix to support those same multiple users and see their individual logins. The point of this is that you can then use settings such as smtpd_sender_login_maps and reject_sender_login_mismatch in postfix to control individual users from roundcube.
though it's a big offtopic, may I ask that, for roundcube, how to stop users adding their own sender identity? for example, when user login as u...@domain.com, they can add the identity in roundcube interface as f...@bar.com.
It is what the previous poster was explaining to you. It isn't turn key and requires some custom SQL queries or config if using flat files. But you use permit_sasl_authenticated on submission to make sure only authenticated users can send email, then you use reject_sender_login_mismatch to make sure they can only send email that has a from address belonging to whomever is logged in through permit_sasl_authenticated. Postfix will not accept email through submission they are not authorized to send. When the user clicks the send email button they will see an error message to the effect they are not the owner of the address they are trying to use. Another less secure option is roundcube has a setting that disables the ability of users to create or edit identities in the web interface keeping them stuck using only the From: address their roundcube account was created with. $config['identities_level'] = 3; _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
