On 2011-08-14 18:35, Steve Fatula wrote:
----- Original Message -----
From: Jeroen Geilman<jer...@adaptr.nl>
To: postfix-users@postfix.org
Cc:
Sent: Sunday, August 14, 2011 5:14 AM
Subject: Re: Best way to not allow locally submitted email
You're stating contradictory requirements - you cannot AND allow scripts to
use sendmail to submit mail for user X, AND disallow user X to submit mail as
user X.
Just put your script users in authorized_submit_users, and enforce SMTP for
everyone else.
The sendmail binary allows a user to do too many things they should not be
allowed to. I can send mail FROM you for example. The restrictions on sender
address that apply to authenticated email does not apply, of course, since they
are not authenticated! So, perhaps the best solution is to use something like
msmtp so that mail from the command line goes through normal authenticated
channels, and thus, I CAN achieve my goals.
Nobody says you cannot achieve your goals.
I merely pointed out that you were asking contradicting things of
sendmail(1).
Now, I would look for a way to force everybody that is not
administrator-controlled to use authenticated SMTP even from localhost,
and disallow sendmail for normal users.
How is that different from what you said ?
--
J.
