On 12/2/2009 7:34 AM, lst_ho...@kwsoft.de wrote:
Zitat von Wietse Venema <wie...@porcupine.org>:
lst_ho...@kwsoft.de:
Hello
is it possible to force a matching "From" header in the mail if
reject_sender_login_mismatch is used so the "From" header is the same
as the checked MAIL FROM address? The goal is to prevent spoofing of
the "From" header for SASL authenticated clients.
Yes, but only with external software (Milter or content filter).
Wietse
That's what i was afraid of. My idea was to use header-checks to drop
the "From:" header and let it add from cleanup again but
Yes, that will work -- ugly, but it will work. You'll need to
use the submission port with it's own header_checks (via it's
own cleanup service) since header_checks can't tell by itself
if the user has authenticated. Note the From: header added by
cleanup will contain only the envelope address.
http://www.postfix.org/header_checks.5.html says
Message headers added by the cleanup(8) daemon itself are
excluded from inspection. Examples of such message headers
are From:, To:, Message-ID:, Date:.
That refers to a missing header that has been added to the
current message by cleanup, not a pre-existing header with the
same name.
:-(
:-)
-- Noel Jones
