I appreciate your comment, wietse. I will go the Milter way. On Wed, Feb 11, 2015 at 9:46 PM, Wietse Venema <[email protected]> wrote:
> Mohammad Isargar: > > Hi there, > > > > We have a situation where Postfix installed with a single domain, > serving a > > subnet of local LAN users and SASL authentication enforced in order to > send > > emails. > > > > Even though that we know that the actual sender can be found by checking > > full email headers, but one of our security requirements is that the > > "local" senders should not be able to use an arbitrary From: header to > send > > emails, and the value of this header must be the same as MAIL FROM (or > > envelope) address. > > > > Is any solution around this with Postfix? > > This may be done with a Milter that replaces the From: header (or > takes some other action) when the From: address differs from the > envelope address. This looks only at the envelope sender and > the message header, and the performance impact should be small. > > Milters can be implemented in Python (pymilter), Perl (Sendmail::Milter), > and in a variety of other languages. For a catalog of Milters see > https://www.milter.org/milters > > It can also be done with an SMTP-based content filter, but there > is more potential for making mistakes because you have full access > to everything. > > Wietse >
