I agree. I looked at RFC 4422. Treating the identity in the MAIL FROM command as
SASL authenticated will violate the RFC itself (no auth mechanism was
involved).
I won't be able to run smtpd_sender_login_mismatch,
smtpd_sender_login_maps checks.
But RFC 4954 section 5 states:

    The optional AUTH parameter to the MAIL FROM command allows
    cooperating agents in a trusted environment to communicate the
    authorization identity associated with individual messages.

    If the server trusts the authenticated identity of the client to
    assert that the message was originally submitted by the supplied
    <mailbox>, then the server SHOULD supply the same <mailbox> in
    an AUTH parameter when relaying the message to any other server
    which supports the AUTH extension.

    For this reason, servers that advertise support for this
    extension MUST support the AUTH parameter to the MAIL FROM
    command even when the client has not authenticated itself to the
    server.

So Dovecot authenticated the user and relayed its mail to Postfix with
"authorization identity" in MAIL FROM:

    MAIL FROM:<user@domain> AUTH=user@domain BODY=8BITMIME SIZE=1545

Does Postfix support this AUTH extension?
If it does, is it possible to run some checks against "authorization
identity" to prevent sender address forgery? (in my case the user logs in
using the full mail address, so usermailbox=userlogin)
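
Added example, not part of the original post and not Postfix or Dovecot code: a standalone sketch of the check asked about, parsing the AUTH parameter of a MAIL FROM line (including RFC 4954 xtext decoding) and comparing it with the envelope sender. The function names, the case-insensitive comparison and the sample lines other than the one quoted above are assumptions made for illustration.

```python
import re

# xtext (RFC 4954): "+" followed by two uppercase hex digits encodes one byte.
_XTEXT_HEX = re.compile(r"\+([0-9A-F]{2})")
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>(.*)$", re.IGNORECASE)


def decode_xtext(value):
    """Decode an xtext-encoded parameter value; reject a stray '+'."""
    if "+" in _XTEXT_HEX.sub("", value):
        raise ValueError("malformed xtext: %r" % value)
    return _XTEXT_HEX.sub(lambda m: chr(int(m.group(1), 16)), value)


def parse_mail_from(line):
    """Return (reverse_path, auth_identity). auth_identity is None when
    AUTH is absent or is "<>" (identity unknown or not asserted)."""
    m = _MAIL_FROM.match(line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command")
    sender, auth = m.group(1), None
    for param in m.group(2).split():
        key, _, value = param.partition("=")
        if key.upper() == "AUTH" and value != "<>":
            auth = decode_xtext(value)
    return sender, auth


def check_sender(line, client_is_trusted):
    """Hypothetical policy: classify one MAIL FROM line."""
    sender, auth = parse_mail_from(line)
    if not client_is_trusted:
        # AUTH= is only an assertion by the client; from an untrusted
        # peer it is handled as if AUTH=<> had been sent.
        return "ignore-auth"
    if auth is None:
        return "no-identity"
    # Assumption from the post: mailbox address equals login name.
    return "match" if auth.lower() == sender.lower() else "mismatch"


# First line is the one quoted in the post; the rest are constructed samples.
SAMPLES = [
    "MAIL FROM:<user@domain> AUTH=user@domain BODY=8BITMIME SIZE=1545",
    "MAIL FROM:<boss@domain> AUTH=user@domain",
    "MAIL FROM:<user@domain> AUTH=<>",
    "MAIL FROM:<a+b@domain> AUTH=a+2Bb@domain",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_sender(sample, client_is_trusted=True), "<-", sample)
```

The result is only meaningful when the connecting client is one the server already trusts by other means, which is the "trusted environment" condition in the RFC text quoted above.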