Re: How to enforce users send email with the real from address

From: AlxFrag (alxfraggmail.com)
Date: Tue Jan 15 2008 - 06:24:01 CST


mouss wrote:
> AlxFrag wrote:
>> mouss wrote:
>>> AlxFrag wrote:
>>>> Hi,
>>>>
>>>> I'd like to ask if it is possible to enforce the limitation
>>>> described in the following example:
>>>>
>>>> one of my users logs in as myusermydomain. He can send emails
>>>> through my mail server using any "from address" he wants.
>>>> Can I force him to use only the "myusermydomain" as from address
>>>> in order to be able to send emails through my smtp server?
>>>
>>> you need to use authentication and:
>>>
>>> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
>>> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
>> Thanks for your reply.
>>
>> In main.cf I've put:
>> *******************
>> smtpd_sender_restrictions=check_sender_access
>>     hash:/etc/postfix/block_senders, hash:/etc/postfix/my_domains
>>
>> smtpd_sender_login_maps=ldap:/etc/postfix/local_recipients.cf
>>
>> smtpd_restriction_classes=verify_login
>>
>> verify_login=reject_sender_login_mismatch
>> *******************
>>
>> In my_domains:
>>
>> mydomain1 verify_login
>> mydomain2 verify_login
>>
>> Using this configuration, user1mydomain1 cannot pretend he is
>> user2mydomain1 or he is anyusermydomain1 or anyusermydomain2.
>>
>> The problem is that he can pretend he is anyuserany_other_domain.
>
> Then why use the restriction class...
>
> smtpd_sender_login_maps = ldap:/etc/postfix/local_recipients.cf
> smtpd_sender_restrictions = reject_sender_login_mismatch
>
OK,

I've now removed the restriction class and myserdomain1 cannot pretend
he is anyuserany_other_domain, but my users cannot receive emails from
other domains.

Postfix logs show:

Jan 15 14:13:17 posidon postfix/smtpd[4765]: NOQUEUE: reject: RCPT from
foreign_domain[foreign_ip]: 553 5.7.1 <foreign_userforeign_domain>:
Sender address rejected: not logged in;
from=<foreign_userforeign_domain> to=<myusermydomain> proto=ESMTP
helo=<foreign_domain]
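
The two behaviours reported in this thread, reproduced with a simplified model of the documented Postfix checks. This is an added example, not part of the original message and not Postfix code. The `.example` addresses, the map contents and `broad_map` (a hypothetical lookup that also answers for foreign addresses) are constructed assumptions; `authenticated_only` models the documented `reject_authenticated_sender_login_mismatch` restriction.

```python
# Added illustration: simplified model of the documented Postfix checks,
# not Postfix source code. All addresses and map contents are constructed.

MY_DOMAINS = {"mydomain1.example", "mydomain2.example"}
OWNERS = {"user1@mydomain1.example": {"user1@mydomain1.example"},
          "user2@mydomain1.example": {"user2@mydomain1.example"}}

def exact_map(sender):
    """Login map that only answers for addresses it really knows."""
    return OWNERS.get(sender)

def broad_map(sender):
    """Hypothetical map that matches on the local part only, so it also
    returns an owner for addresses in foreign domains."""
    local = sender.partition("@")[0]
    for addr, owners in OWNERS.items():
        if addr.partition("@")[0] == local:
            return owners
    return None

def sender_login_mismatch(sender, login, login_map):
    """reject_sender_login_mismatch: return a reject reason, or None."""
    owners = login_map(sender)
    if login is None:                       # client did not authenticate
        return "not logged in" if owners else None
    if not owners or login not in owners:   # authenticated: must own sender
        return "not owned by user " + login
    return None

def authenticated_only(sender, login, login_map):
    """reject_authenticated_sender_login_mismatch: the same check,
    applied to authenticated clients only."""
    if login is None:
        return None
    return sender_login_mismatch(sender, login, login_map)

def via_restriction_class(sender, login, login_map):
    """First configuration in the thread: the check is reached only when
    the sender's domain is listed in my_domains."""
    if sender.rpartition("@")[2] not in MY_DOMAINS:
        return None
    return sender_login_mismatch(sender, login, login_map)
```

In this model, the "not logged in" rejection of an unauthenticated sender occurs only when the login map returns an owner for that sender address.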