Do you have a design for that? Note that most reject_mumble features
are designed to block mail BEFORE the "DATA" command, whereas the
message header is received AFTER the DATA command.

You might be better off implementing this with a Milter

In Postfix: require that MAIL FROM matches SASL login

In Milter: require that MAIL FROM matches From: header.
Postfix does not have to implement all possible content restrictions,
that is what Milters and Amavis/Spamassassin are for.

Wietse

IIRC Christian wrote a MILTER that does exactly what you want about two years
ago. I'm not sure if he's willing or able to release it as open source.

***@rick

Yes ;-) Thanks for pointing that out

https://github.com/croessner/vrfydmn

Christian

still no gentoo ebuild :(

Hello Wietse,

thanks for your reply...
I´m aware of this fact, but what about smtpd_data_restrictions? What is
the goal of this restriction class? IMO that restriction could be
implemented there. Comparing two email addresses doesn´t look to me too
exotic, no matter in which SMTP step they appear.

A milter application would also need to consume that whole headers stuff
after DATA command, push it into the private-milter-blob after each
milter-phase to finaly compare the addresses to fulfill this
requirement. Additionally, each milter causes overhead, which causes
further delay and multiple resource consumption for each milter and so
on... but that´s nothing new. I´m a big fan of milters, but not in any case.
I expected an answer like this, nevertheless I wanted to give it a try
;) This idea came up after seeing an m$ exchange smtp-connector
rejecting such "forged" emails.
Thanks for the discussion. I appreciate your work very much!
Dominik

@ Patrick/Christian: Big thanx :)

You're thinking of smtpd_end_of_data_restrictions, but there still
your idea has a problem: smtpd is not examining the DATA, but merely
passing it along to cleanup(8). The cleanup service is where the
only native Postfix content checking (header and body checks, see the
header_checks(5) manual and BUILTIN_FILTER_README) is done.
The idea of mumble in smtpd_mumble_restrictions is that restrictions
can be imposed at any point in the SMTP dialogue. The
smtpd_data_restrictions are evaluated when the client issues the
"DATA" command.
With a major rewrite of smtpd, or another hook into cleanup. This
doesn't sound like a good idea to me.
Except that all the DATA payload would have to be parsed and the
headers From: and Sender: would have to be identified.
Milters exist for this purpose. They do that.
Your idea would bloat smtpd, and while not running as a separate
process, it certainly would cause more overhead.
Postfix is not necessarily the best MTA for all use cases. For
integrated content filtering, Sendmail and Exim can sometimes be
superior. They have the benefit (and drawback!) of doing the whole
job in a single monolithic binary. So content filtering decisions
can be made while mindful of what was decided prior to DATA.

/dev/rob0:
[ Charset ISO-8859-1 converted... ]
Presumably this would be done in the cleanup daemon (compare
rfc5321.from with rfc5322.from). I don't think that 'it can be done
in Postfix' means that doing so is necessarily a good idea.

Wietse

Yes, I ment something like xxx_end_of_data_restrictions. As I´m not sooo
familiar with the code, an idea must not be understood as a proposal for
a "nearly perfect" solution/implementation. Taking under attention that
the cleanup daemon already has the capabilities to perform
header_checks... I think it will be an interesting experience to write a
patch ;)
That´s an argument!

Absolutely correct :)
Dominik

I took that suggestion and had a deeper look in OpenDKIM today.
Parsing RFC5322.From /is/ complicated. But for my feeling OpenDKIM does that job very well.

OpenDKIM has the ability to do such checks in a very convenient way.
We may do lookup in static files, databases and even LDAP.

I would like to see it very similar to http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
Lookup one RFC5322.From (Key) and check if one or more SASL Users (Values) are authorized.

But, what are the use-cases?

- RFC3522.From matches exact sasl_user
- RFC5322.From domain matches sasl users domain-part
- RFC5322.From is authorized by one ore more sasl users

...

Andreas

Besides "xxx_end_of_data_restrictions", "rfc5322_from_login_maps" was
one of the key aspects of my original question ;)
Implies that your users authenticate with their email address only ->
bijective mapping, IMO this would be perfect for human senders with only
one email address. In this use cases, a person would not be able to use
additional/alias addresses as sender.
Sounds useful if you want to "soften" a strict submission-policy.
Downside: within same domain, sender A will still be able to send as
sender B. But, the core statement of my original question was to prevent
this ;)
Could be used for automated application/script based senders like
***@example.org -> surjective mapping of sasl-user and sender-address.
Further this could be a solution for the flexibility problem of use-case
"RFC3522.From matches exact sasl_user".
Thanx,
Dominik