Ah yes, you're right.
same header against the envelope or authenticated username.
but I've yet to find a way to make it work. If there's some generic
Milter around that can run simple scripts that could work to bounce. Or
Post by Hamy
Hi, thank you for your response. But I don't think that any of those
actually apply to my situation.
They're all restrictions applied to the 'MAIL FROM:' envelope, and as I've
said earlier, I've already taken care of that and it works fine. What
I'm talking about is the 'From:' field of the message header (not the
envelope). I want to enforce matching it against the 'MAIL FROM:'
envelope. For example, if the user is SASL authenticated as
Now I want to match that against the message header 'From:'. the user
Anything else, should be rejected.
Any ideas?
Thanks in advance.
Hi
I am using /smtpd_sender_login_maps/ on the submission port to enforce
the envelope 'mail from:' command, and it's working as expected. The
problem however is that the user can still use any arbitrary 'From:'
header field that she wants and opendkim will happily sign it. I am
looking for a way to enforce the From: header field to match the SASL
authenticated username. Ideally this should happen before queuing so
I can reject the message while the SMTP session is still in progress.
It is my understanding that /header_checks/ can't be used for this as
its functionality is very limited.
What are my options? Can anyone please help?
Thank you in advance
Best Regards,
A quick search uncovered four options for *smtpd_sender_restrictions*
which you should check.
*reject_authenticated_sender_login_mismatch*
Enforces the reject_sender_login_mismatch
<http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch> restriction
for authenticated clients only. This feature is available in
Postfix version 2.1 and later.
*reject_known_sender_login_mismatch*
Apply the reject_sender_login_mismatch
<http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch> restriction
only to MAIL FROM addresses that are known in
$smtpd_sender_login_maps
<http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps>.
This feature is available in Postfix version 2.11 and later.
*reject_sender_login_mismatch*
Reject the request when $smtpd_sender_login_maps
<http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps> specifies
an owner for the MAIL FROM address, but the client is not (SASL)
logged in as that MAIL FROM address owner; or when the client is
(SASL) logged in, but the client login name doesn't own the MAIL
FROM address according to $smtpd_sender_login_maps
<http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps>.
*reject_unauthenticated_sender_login_mismatch*
Enforces the reject_sender_login_mismatch
<http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch> restriction
for unauthenticated clients only. This feature is available in
Postfix version 2.1 and later.
BR
Tobias
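
The header-side check this thread asks for, as an added example that is not part of the original posts and not Postfix code: the decision a pre-queue filter (for instance a milter) would make once it has the SASL login and the message headers. The `OWNERS` map, the `check_from_header` name, the sample addresses and the one-mailbox-per-From: policy are assumptions; wiring it into the SMTP session is not shown.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed ownership map, same idea as smtpd_sender_login_maps:
# sender address -> SASL logins allowed to use it.
OWNERS = {
    "alice@example.com": {"alice@example.com"},
    "sales@example.com": {"alice@example.com", "bob@example.com"},
}

def check_from_header(raw_message, sasl_login, owners=OWNERS):
    """Return (accept, reason) for the header From: of one message.

    Hypothetical helper: a pre-queue filter would call it at end of
    headers with the authenticated login and reject when accept is False.
    """
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # Zero or duplicate From: headers are ambiguous: the mail client and
    # the DKIM signer may not agree on which one counts, so refuse both.
    if len(from_headers) != 1:
        return False, "expected exactly one From: header, got %d" % len(from_headers)
    # getaddresses() separates display name from addr-spec, so a display
    # name that merely looks like an address is not what gets compared.
    parsed = getaddresses([str(from_headers[0])])
    addrs = [addr.lower() for _name, addr in parsed if addr]
    # Assumed policy: exactly one mailbox in From:.
    if len(addrs) != 1:
        return False, "expected exactly one From: address, got %d" % len(addrs)
    if sasl_login.lower() not in owners.get(addrs[0], set()):
        return False, "%s does not own From: %s" % (sasl_login, addrs[0])
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        ("alice@example.com", "From: Alice <alice@example.com>\n\nhi\n"),
        ("alice@example.com", 'From: "alice@example.com" <ceo@example.org>\n\nhi\n'),
        ("bob@example.com", "From: alice@example.com\nFrom: bob@example.com\n\nhi\n"),
    ]
    for login, raw in samples:
        print(login, check_from_header(raw, login))
```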