Hello Wietse,
thanks for your reply...
On 20.07.2016 18:03, Wietse Venema wrote:
> Dominik Chilla:
>> Hello together,
>> my postfix setup (submission-relay only!) requires an authenticated
>> (SMTP-AUTH plain/login) sender. Further it checks if the envelope-sender
>> matches the authenticated user-id by using sender_login_maps in
>> conjunction with LDAP. In envelope context this is a very useful and
>> important feature, but it doesn't prevent one to use a different email
>> address in the RFC5322-From header. So why not think about something
>> like rfc5322_from_login_maps?
>> Alternatively a restriction
>> "reject_rfc5322_from_envelope_sender_mismatch" (or the like) would be
>> thinkable.
> Do you have a design for that? Note that most reject_mumble features
> are designed to block mail BEFORE the "DATA" command, whereas the
> message header is received AFTER the DATA command.

I'm aware of this fact, but what about smtpd_data_restrictions? What is
the goal of this restriction class? IMO that restriction could be
implemented there. Comparing two email addresses doesn't look to me too
exotic, no matter in which SMTP step they appear.
A milter application would also need to consume that whole headers stuff
after DATA command, push it into the private-milter-blob after each
milter-phase to finally compare the addresses to fulfill this
requirement. Additionally, each milter causes overhead, which causes
further delay and multiple resource consumption for each milter and so
on... but that's nothing new. I'm a big fan of milters, but not in any case.

> You might be better off implementing this with a Milter

I expected an answer like this, nevertheless I wanted to give it a try
;) This idea came up after seeing an m$ exchange smtp-connector
rejecting such "forged" emails.

> In Postfix: require that MAIL FROM matches SASL login
> In Milter: require that MAIL FROM matches From: header.
>> Of course this could be done by a content scanner like
>> Amavis/Spamassassin, but I'm looking for a pure-postfix solution ;)
> Postfix does not have to implement all possible content restrictions,
> that is what Milters and Amavis/Spamassassin are for.

Thanks for the discussion. I appreciate your work very much!
> Wietse
Dominik
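
The comparison discussed in this thread ("In Milter: require that MAIL FROM matches From: header"), sketched as an added example that is not part of the original messages and not Postfix or Milter library code. The helper names `normalize` and `from_matches_envelope`, the case-insensitive comparison, and the refusal of a null sender are assumptions; a Milter would call such a check once the headers have arrived and turn a `False` result into a reject.

```python
from email import message_from_string, policy

def normalize(addr: str) -> str:
    # Assumption: addresses are compared case-insensitively.
    return addr.strip().strip("<>").lower()

def from_matches_envelope(mail_from: str, raw_message: str):
    """Return (ok, reason) for one message. Hypothetical helper."""
    envelope = normalize(mail_from)
    # Assumption: an authenticated submission service never sees "<>".
    if not envelope:
        return False, "null envelope sender"
    msg = message_from_string(raw_message, policy=policy.default)
    headers = msg.get_all("From", [])
    # RFC 5322 allows exactly one From: field. With duplicates, different
    # software may display different senders, so refuse them outright.
    if len(headers) != 1:
        return False, f"expected one From: header, found {len(headers)}"
    # Use the parsed mailboxes, so a display name that merely looks like
    # an address is never the value being compared.
    mailboxes = [a.addr_spec for a in headers[0].addresses]
    if len(mailboxes) != 1:
        return False, f"expected one mailbox in From:, found {len(mailboxes)}"
    if normalize(mailboxes[0]) != envelope:
        return False, f"From: {mailboxes[0]} does not match MAIL FROM {envelope}"
    return True, "From: header matches MAIL FROM"

# Constructed sample messages (not taken from the thread).
BODY = "To: bob@example.com\nSubject: test\n\nhello\n"
SAMPLES = {
    "aligned": "From: Alice <Alice@Example.org>\n" + BODY,
    "display-name trick": 'From: "alice@example.org" <mallory@example.net>\n' + BODY,
    "duplicate From": "From: alice@example.org\nFrom: mallory@example.net\n" + BODY,
    "two mailboxes": "From: alice@example.org, mallory@example.net\n" + BODY,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {from_matches_envelope('<alice@example.org>', raw)}")
```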