Postfix – how to prevent users from sending with another user's name

Zulakis asked:

Even though my Postfix server cannot be used without authentication (open relay), sending mail in another user's name after logging in is still possible like this:

    EHLO domain.org
    auth plain eW91IGxpdHRsZSBkaXJ0eSBiYXN0YXJkIDstKQ==
    235 2.7.0 Authentication successful
    mail from: otheruser@domain.org
    250 2.1.0 Ok
    rcpt to: recipient@otherdomain.org
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    Please send me your account info.
    .
    250 2.0.0 Ok: queued as D40692A61AA
    quit

How can this be prevented?

My answer:


In your

    smtpd_sender_restrictions =

you should have (possibly among other things):

        reject_authenticated_sender_login_mismatch,

You must have smtpd_sender_login_maps defined to provide a username to email address mapping.
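The two settings from the answer put together, as an added example that is not part of the original answer. The map path `/etc/postfix/sender_login_maps`, the `hash:` table type and the login names `user` and `otheruser` are assumptions chosen for illustration.

```cfg
# --- /etc/postfix/main.cf (fragment) ---------------------------------
# Table that says which SASL login owns which envelope sender address.
# The path and the hash: table type are assumed; use the one you run.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

# Restrictions are evaluated in order and the first permit or reject
# wins, so the mismatch check must come before any permit_* entry
# (for example permit_sasl_authenticated) in this list.
smtpd_sender_restrictions =
    reject_authenticated_sender_login_mismatch

# --- /etc/postfix/sender_login_maps (constructed sample entries) -----
# Left:  MAIL FROM address.
# Right: SASL login name(s) that own it, separated by comma or space.
# The login name must be written exactly as the SASL backend reports
# it; some backends use "user@domain.org" rather than "user".
user@domain.org         user
otheruser@domain.org    otheruser
# A shared address that both logins may send from.
sales@domain.org        user, otheruser

# --- after editing the map -------------------------------------------
# Rebuild the indexed table and reload Postfix:
#   postmap /etc/postfix/sender_login_maps
#   postfix reload
#
# With this in place, the session from the question (a client logged
# in as "user" giving "mail from: otheruser@domain.org") is rejected,
# as is any authenticated sender address that has no entry in the map.
```

This check covers the envelope sender given in `MAIL FROM` only; the `From:` header inside the message body is not compared against the login.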


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.