Dominik Chilla: > Hello together, > > my postfix setup (submission-relay only!) requires an authenticated > (SMTP-AUTH plain/login) sender. Further it checks if the envelope-sender > matches the authenticated user-id by using sender_login_maps in > conjunction with LDAP. In envelope context this is a very usefull and > important feature, but it doesn?t prevent one to use a different email > address in the RFC5322-From header. So why not thinking about something > like rfc5322_from_login_maps? > > Alternatively a restriction > "reject_rfc5322_from_envelope_sender_mismatch" (or the like) would be > thinkable.
Do you have a design for that? Note that most reject_mumble features are designed to block mail BEFORE the "DATA" command, whereas the message header is received AFTER the DATA command. You might be better off implementing this with a Milter In Postfix: require that MAIL FROM matches SASL login In Milter: require that MAIL FROM matches From: header. > Of course this could be done by a content scanner like > Amavis/Spamassassin, but I?m looking for a pure-postfix solution ;) Postfix does not have to implement all possible content restrictions, that is what Milters and Amavis/Spamassassin are for. Wietse