On Tuesday 20 December 2011 22:07:04 Bartłomiej Romański wrote:
> Is there a way to restrict the "From" field for messages sent with
> the command line tool "mail"?
>
> For messages sent with SMTP we can simply do this:
>
> http://www.postfix.org/SASL_README.html#server_sasl_authz_envelope
Note, this is controlling the envelope sender, not the From: header.
> and it works fine, but users can execute:
>
> mail t...@test.test -a 'From:
> some-other-u...@some-other-domain.com'
>
> or:
>
> cat mail.txt | /usr/sbin/sendmail -t t...@test.test
UUOC, '/usr/sbin/sendmail -t t...@test.test < mail.txt' :)
> where mail.txt contains:
>
> From: some-other-u...@some-other-domain.com
> Subject: ble, ble, ble...
>
> ble, ble, ble...
>
> ...and the message will be delivered with fake 'From' address. I've
> already set "mynetworks" to the empty list, but it works only for
> messages sent with SMTP not for local mail send with "mail" or
> "sendmail".
>
> Any ideas?
In order of preference:
1. Get rid of untrusted shell users. If you cannot trust them to
follow the policies you have set, you definitely do not want them
running commands on your system.
2. Limit shell users' access to sendmail(1) using
authorized_submit_users:
authorized_submit_users = root, you[, ... ]
http://www.postfix.org/postconf.5.html#authorized_submit_users
3. Alternatively, you could limit access to sendmail(1) using
filesystem permissions, but this might break in an upgrade.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
