On 2024-06-18 10:40, postfix--- via Postfix-users wrote:
To be honest, you still likely want authentication. Keep in mind
that you don't need to authenticate as a single user for roundcube
but rather you can have roundcube pass authentication through from
it's own user login and therefore support multiple users while also
allowing postfix to support those same multiple users and see their
individual logins. The point of this is that you can then use
settings such as smtpd_sender_login_maps and
reject_sender_login_mismatch in postfix to control individual users
from roundcube.
though it's a big offtopic, may I ask that, for roundcube, how to stop
users adding their own sender identity? for example, when user login
as u...@domain.com, they can add the identity in roundcube interface
as f...@bar.com.
It is what the previous poster was explaining to you. It isn't turn key
and requires some custom SQL queries or config if using flat files. But
you use permit_sasl_authenticated on submission to make sure only
authenticated users can send email, then you use
reject_sender_login_mismatch to make sure they can only send email that
has a from address belonging to whomever is logged in through
permit_sasl_authenticated.
Postfix will not accept email through submission they are not
authorized to send. When the user clicks the send email button they
will see an error message to the effect they are not the owner of the
address they are trying to use.
Another less secure option is roundcube has a setting that disables the
ability of users to create or edit identities in the web interface
keeping them stuck using only the From: address their roundcube account
was created with.
$config['identities_level'] = 3;
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Great to know the info.
Thanks Peter!
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
