Email address (and user name to authenticate email) not matching the log in user name, totally not spoofing in my book, and in fact can be ‘required’ by some security guidelines. (You publicize your email address, it really shouldn’t be part of your security credentials, that just vastly cuts down the space needed to guess to get into the system).
There are lots of reasons a person may want multiple email addresses and several for multiple people sharing an address (like a generic support or sales address). You could have a n:n lookup to see if a given login is authorized to use a given email address, but that would also imply that you disallow the situation described. > On Aug 24, 2018, at 12:35 PM, jcdole <jcd...@free.fr> wrote: > > HEllo. > > Postfix on a local network without a real internet domain name. > The mail server is on a specific computer. > Outbound mail are delivery by using a relay [smtp.someISP.com] using tls on > port 465 > Local mail stay on the server > Less than 40 users > > In a company, a linux user (userA) need to send an email to a colleague > (userB), but he can't use his own computer and ask a colleague (userC) if he > can use his computer. The colleague say yes but ask to not log out. > userA edit his mail : > give the sender : us...@somedomain.com > give the sender name : userA > give the sender password : pass_user > give the receiver : us...@somedomain.com > > Then send the mail. > But the mail is sent under the linux account of userC which is the logged > user. > > Is it possible or not (spoofing ?). > > Any comment is welcome. > > > > -- > Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
