Matt Kinni:
> My goal is to carve out an exception for this process that doesn't
> compromise the overall security of my server, or allow any local users
> to spoof the FROM address of any other user without needing to login
> (whilst allowing setroubleshootd to do exactly that).
>
> The solution I came up with was to define a special smtp service in
> master.cf that bypasses the usual checks:
>
> 127.0.0.1:2525 inet n - n - - smtpd

I see that the sender runs on the same machine as Postfix. Can the
sender be configured to use /bin/mail, mailx, or /usr/sbin/sendmail
instead of using SMTP?

Submission through /usr/sbin/sendmail (and therefore /bin/mail and
mailx) can be restricted with authorized_submit_users and spoofing
can be restricted with local_login_sender_maps (Postfix 3.6).

	Wietse
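
One way the two parameters named in the reply above could be combined, as an added example that is not part of the original message or of the Postfix documentation. It assumes the daemon submits through /usr/sbin/sendmail under a UNIX account named setroubleshoot; the www account, the example.com domain and the /etc/postfix/login_senders file name are likewise placeholders chosen for this sketch.

```cfg
# /etc/postfix/main.cf
# (added example; account, domain and file names are assumptions)

# Optional: refuse sendmail(1)/postdrop(1) submission from accounts that
# should never originate mail. "www" is a hypothetical account; every
# other local user remains allowed, as with the default.
authorized_submit_users = !www, static:all

# Postfix 3.6 and later: the tables are searched by UNIX login name and
# return the envelope sender patterns that login may use. The check is
# enforced by postdrop(1), so it covers /usr/sbin/sendmail, /bin/mail
# and mailx submission, not SMTP clients.
#   root, postfix   : any sender
#   setroubleshoot  : any sender (assumed account of the alerting daemon)
#   everyone else   : falls through to the regexp table below
local_login_sender_maps =
    inline:{ { root = * }, { postfix = * }, { setroubleshoot = * } },
    regexp:/etc/postfix/login_senders

# /etc/postfix/login_senders
# Any other login may send only as itself, either as the bare user name
# or as user@example.com.
/(.+)/ $1 $1@example.com
```

`postconf mail_version` confirms whether the installed Postfix is 3.6 or later, and `postconf -n` shows the non-default settings in effect after a `postfix reload`.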