Dominik Chilla:
> Hello together,
>
> my postfix setup (submission-relay only!) requires an authenticated
> (SMTP-AUTH plain/login) sender. Further it checks if the envelope-sender
> matches the authenticated user-id by using sender_login_maps in
> conjunction with LDAP. In envelope context this is a very usefull and
> important feature, but it doesn?t prevent one to use a different email
> address in the RFC5322-From header. So why not thinking about something
> like rfc5322_from_login_maps?
>
> Alternatively a restriction
> "reject_rfc5322_from_envelope_sender_mismatch" (or the like) would be
> thinkable.
Do you have a design for that? Note that most reject_mumble features
are designed to block mail BEFORE the "DATA" command, whereas the
message header is received AFTER the DATA command.
You might be better off implementing this with a Milter
In Postfix: require that MAIL FROM matches SASL login
In Milter: require that MAIL FROM matches From: header.
> Of course this could be done by a content scanner like
> Amavis/Spamassassin, but I?m looking for a pure-postfix solution ;)
Postfix does not have to implement all possible content restrictions,
that is what Milters and Amavis/Spamassassin are for.
Wietse
