Hi,

Thank you for your response, but I don't think that any of those actually apply to my situation. They're all restrictions applied to the 'MAIL FROM:' envelope, and as I've said earlier, I've already taken care of that and it works fine. What I'm talking about is the 'From:' field of the message header (not the envelope). I want to enforce matching it against the 'MAIL FROM:' envelope. For example, if the user is SASL authenticated as us...@example.com, she is allowed (and enforced) to use:

MAIL FROM:<us...@example.com>

Now I want to match that against the message header 'From:'. The user should only be allowed to use something like this in the header:

From: nickname <us...@example.com>

Anything else should be rejected. Any ideas?

Thanks in advance.

On Sunday, 3 April 2016, 14:42, Tobias <lists.zx...@otaking.se> wrote:

> On 2016-04-03 04:35, Hamy wrote:
>
>> Hi
>>
>> I am using smtpd_sender_login_maps on the submission port to enforce the envelope 'mail from:' command, and it's working as expected. The problem, however, is that the user can still use any arbitrary 'From:' header field that she wants and opendkim will happily sign it. I am looking for a way to enforce the From: header field to match the SASL authenticated username. Ideally this should happen before queuing so I can reject the message while the SMTP session is still in progress. It is my understanding that header_checks can't be used for this as its functionality is very limited. What are my options? Can anyone please help?
>>
>> Thank you in advance
>> Best Regards,
>
> A quick search uncovered four options for smtpd_sender_restrictions which you should check.
>
> - reject_authenticated_sender_login_mismatch - Enforces the reject_sender_login_mismatch restriction for authenticated clients only. This feature is available in Postfix version 2.1 and later.
> - reject_known_sender_login_mismatch - Apply the reject_sender_login_mismatch restriction only to MAIL FROM addresses that are known in $smtpd_sender_login_maps. This feature is available in Postfix version 2.11 and later.
> - reject_sender_login_mismatch - Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.
> - reject_unauthenticated_sender_login_mismatch - Enforces the reject_sender_login_mismatch restriction for unauthenticated clients only. This feature is available in Postfix version 2.1 and later.
>
> BR
> Tobias
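
The header check asked for in this thread, written out as an added example (it is not code from the thread or from Postfix): the 'From:' header must carry exactly one address, equal to the MAIL FROM address already tied to the SASL login. How the message and envelope sender reach `check_from_header` (a hypothetical name), for instance from a before-queue filter, is assumed, and the addresses in `SAMPLES` are constructed.

```python
from email import message_from_string
from email.utils import getaddresses


def normalize(addr):
    # Assumption: addresses are compared case-insensitively.
    return addr.strip().lower()


def check_from_header(envelope_sender, raw_message):
    """Return (ok, reason). envelope_sender is the MAIL FROM address that
    smtpd_sender_login_maps has already bound to the SASL login."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        # Missing or repeated From: headers are refused: a signer and a mail
        # client may not agree on which copy is "the" author.
        return False, "expected exactly one From: header, got %d" % len(from_headers)
    # getaddresses() separates the display name from the address, so an
    # address-looking display name cannot satisfy the comparison.
    addrs = [addr for _name, addr in getaddresses(from_headers) if addr]
    if len(addrs) != 1:
        return False, "From: must contain exactly one address"
    if normalize(addrs[0]) != normalize(envelope_sender):
        return False, "From: %s does not match MAIL FROM %s" % (addrs[0], envelope_sender)
    return True, "ok"


# Constructed sample messages, all submitted with MAIL FROM:<alice@example.com>.
SAMPLES = [
    "From: nickname <alice@example.com>\nSubject: t\n\nhi\n",
    "From: Boss <ceo@example.com>\nSubject: t\n\nhi\n",
    'From: "alice@example.com" <mallory@example.net>\nSubject: t\n\nhi\n',
    "From: a <alice@example.com>, b <bob@example.com>\nSubject: t\n\nhi\n",
    "From: alice@example.com\nFrom: ceo@example.com\nSubject: t\n\nhi\n",
    "Subject: no author header\n\nhi\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        ok, reason = check_from_header("alice@example.com", raw)
        print("ACCEPT" if ok else "REJECT", "-", reason)
```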