On 2020-08-09 21:52 BST, Ansgar Wiechers wrote: > On 2020-08-09 Nick wrote: > > For mail sent via submission it's possible to prevent a forged > > mail-from, by using options on the submission service in master.cf. > > > > It's also possible to prevent a forged header-from, by using a > > submission-specific cleanup service, as in the BUILTIN_FILTER_README. > > > > But these don't work for mail originating locally via the sendmail > > command. What does work for that? > > Nothing. The sendmail command submits mail via pickup, i.e. puts it as a > file into a particular directory from which the pickup daemon then reads > the file. The usual filters don't apply to that. > > What you can do is disable pickup entirely so that even local users are > required to submit mail via SMTP (on localhost).
Thanks. I have an idea which is probably infeasible... In the OVERVIEW document, the path for local sendmail is shown as sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> cleanup(8) -> incoming I would like to have a postconf(5) parameter such as "local_via_submission = yes" which changes that path to something like sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> smtpd(8) -> cleanup(8) -> incoming where the smtpd(8) process is the submission service. Since postfix already knows who submitted the mail, smtpd regards it as already authenticated in this case. The locally submitted mail now has the benefit of all the usual filters available to smtpd. Perhaps I could have that in time for Christmas? Thanks, -- Nick
