On 12/26/2011 6:33 PM, Wietse Venema wrote: > Bart?omiej Roma?ski: >>> 2. Limit shell users' access to sendmail(1) using >>> authorized_submit_users: >> >> That would break, for example, the 'at' command. It would like to >> allow my users to send emails. I just want to prevent them from faking >> "sender" header. >> >>> 3. Alternatively, you could limit access to sendmail(1) using >>> filesystem permissions, but this might break in an upgrade. >> >> The same problem as above. > > There exists no Postfix equivalent of smtpd_sender_login_maps for > command-line submissions. There has not been sufficient justfication > in fifteen years to write the code for it, and to maintain that > code for eternity. > > Wietse
The BOFH solution is a custom cleanup_service_name with alternate header_checks on the pickup service that removes user-supplied From: headers. Postfix will supply a standard header based on the UID. Something like: # master.cf pickup fifo n - n - 1 pickup -o cleanup_service_name=pickup_cleanup pickup_cleanup unix n - n - 0 cleanup -o header_checks=pcre:/etc/postfix/header_checks_pickup # header_checks_pickup /^From: / IGNORE user-supplied From: header not allowed -- Noel Jones