Sean Greenslade <s...@seangreenslade.com> writes:

> On Mon, Sep 05, 2016 at 08:17:40PM +0200, Sebastian Nielsen wrote:
>> Sean Greenslade:
>> That's the responsibility of the server who is authorized to act on behalf of
>> that domain.
>
> Yes, however I am trying to make this discussion relevant to the OP's
> question. Authenticating based solely on originating server puts the
> authentication job onto that originating server. If that server allows
> users to send mail as other users on the same domain, that is a
> potential security hole, since the email parsing server does not know
> what user auth'd to the mail server, only that _someone_ did.
>
> It may be that user spoofing isn't an issue. If it's not, then this
> doesn't matter. But if the OP wants to, say, only allow certain users to
> send messages to this parser, they must verify that the mail server
> restricts envelope sender based on authenticated user.

Thanks to all of you for your responses! Looks like this is more
complicated than I thought. A couple of things:

1. I should have said that server-side user accounts are all virtual --
   postfix authenticates against the dovecot user database. Adding new
   user accounts isn't terribly onerous, the main thing would be getting
   my users to use them. No one wants to set up a new email account just
   to operate this thing.

2. Their usual email addresses are all hotmail, gmail, sina.cn, etc. Major
   freemail providers. Simply validating SPF against the domain won't
   really do that much.

So maybe I should just give up and make them create local accounts. This
system should be able to delete data from the database, so... I'd like
to be a little bit paranoid.

I also realized that I have a mailman installation on this same server,
running as a transport on the same postfix installation, and I'd like to
see how it does it. My guess is it fluffs on security, but let's see...

Thanks again,
Eric
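
The check discussed in this thread, as an added example that is not code from any of the posters: a parser-side gate showing why an SPF pass for a freemail domain is not enough and what else has to hold before a command mail is accepted. It assumes the receiving MTA stamps an `Authentication-Results` header with the hypothetical authserv-id `mx.example.org`; the allowlist, the `authorize` and `sample` helpers and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"   # assumption: authserv-id our own MTA stamps
ALLOWED = {"alice@gmail.com"}         # assumption: operators allowed to send commands

def authorize(raw, trusted=TRUSTED_AUTHSERV, allowed=ALLOWED):
    """Return (ok, reason) for one raw message handed to the parser."""
    msg = email.message_from_string(raw, policy=policy.default)
    headers = msg.get_all("Authentication-Results") or []
    if not headers:
        return False, "no Authentication-Results header"
    # Only the topmost header was added by the last hop (our MTA); lower ones
    # arrived with the message and can be forged by the sender.
    clauses = [c.strip() for c in str(headers[0]).split(";")]
    if (clauses[0].split() or [""])[0].lower() != trusted:
        return False, "topmost results header is not from our MTA"
    # Simplified parsing: find the "spf=..." clause and its smtp.mailfrom property.
    spf = next((c.split() for c in clauses[1:] if c.lower().startswith("spf=")), [])
    if not spf or spf[0].lower() != "spf=pass":
        return False, "SPF did not pass"
    envelope = next((f.split("=", 1)[1].lower() for f in spf
                     if f.lower().startswith("smtp.mailfrom=")), "")
    # SPF vouches for the envelope domain only, so the From header must be
    # tied to the envelope sender before it is compared with the allowlist.
    header_from = parseaddr(str(msg.get("From", "")))[1].lower()
    if not envelope or header_from != envelope:
        return False, "From header does not match envelope sender"
    if envelope not in allowed:
        return False, "sender not on allowlist"
    # Still assumes the provider binds the envelope sender to the logged-in user.
    return True, "accepted"

def sample(header_from, mailfrom, spf="pass", authserv=TRUSTED_AUTHSERV):
    """Build a constructed test message (not real traffic)."""
    return (f"Authentication-Results: {authserv}; spf={spf} smtp.mailfrom={mailfrom}\n"
            f"From: {header_from}\nSubject: delete record 42\n\nbody\n")

if __name__ == "__main__":
    for args in [("alice@gmail.com", "alice@gmail.com"),
                 ("bob@gmail.com", "bob@gmail.com"),
                 ("alice@gmail.com", "bob@gmail.com")]:
        print(args, authorize(sample(*args)))
```

The second and third samples both carry `spf=pass` for gmail.com, which is the point made above: the pass says the mail came from the provider, not which of its users sent it.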