On Saturday 12 January 2019 16:48:24 Viktor Dukhovni wrote: > > On Jan 12, 2019, at 1:50 PM, Pali Rohár <[email protected]> wrote: > > > > Is there any option for postdrop which may be equivalent to > > smtpd_sender_login_maps option used for sasl? > > No, because there's no workable way to reject local submission, so > all you can do is accept and perhaps rewrite.
postdrop already supports authorized_submit_users, so it already deals with rejecting local submission. So I thought that some allowed sender map could be supported by postdrop and rejection would be done in same way as for option authorized_submit_users. > Also any such mechanism > would break .forward files and similar data flows where local submission > is used is process and re-inject external email for delivery. > > If you have untrusted local users, on a machine that also accepts email > via SMTP, you'd need multiple postfix instances, with a null-client > used for local submission, and the real MTA using a separate instance. > In the null-client you could define a content-filter that rewrites the > envelope sender based on the uid recorded by postdrop in the topmost > received header. You could even rewrite the From: header, but ideally > taking "Resent-From" into account, and rewriting that instead when > present. I use "mutt", whose "bounce" feature resends a message to > a new recipient, while keeping the "From:" header, and adding a > "Resent-From". > > > Is there any such option? > > No, but you can apply content filters or milters to local submission. > > > And similarly, is there sender_bcc_maps option for postdrop, but based > > on unix user which invoked /usr/bin/sendmail wrapper? > > No, but content filters or milters can modify the message envelope. If you mean external content filters, I wanted to avoid using them. And it is really possible for milter to get unix user who invoked postdrop or sendmail wrapper? If yes, how? Because I thought that milter operates on SMTP where is no unix user anymore... -- Pali Rohár [email protected]
signature.asc
Description: PGP signature
