From: mouss (no email)
Date: Tue Nov 01 2005 - 04:06:07 EST
Rich Wales a écrit :
> My home mail server requires SASL authentication in order to submit
> an outgoing message.
>
> Is there a way for me to require the sender's address to match the
> authenticated value? For example, if a user authenticates himself
> as "fred" on smtpserver.example.tld, I would want to accept =only=
> mail for which the MAIL FROM: address is "".
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch
> If possible, I'd like to go one step further and also require that
> the address in the "From:" header line should match the authenticated
> user's identity. Is this possible? (I realize such a restriction
> could only be enforced after a DATA command has been issued and the
> actual message has been received.)
This would require a content filter (I mean writing one or patching one
to add that).
but it is generally a bad idea to put such requirements on the From header.
and then, what if they forge a Reply-To header?
If your goal is to fight forgeries, then make that a company/site policy
(no need to enforce it by technical means)
>
> I realize that doing either or both of these things will not, in
> and of itself, block all forgery of mail -- but I'd still like to
> be able to do it if there's a way.
do the envelope part, but not the header part.
|
|
|