On 2018-02-20 11:07, Ralph Seichter wrote:
> On 20.02.2018 10:35, Karol Augustin wrote:
>
>> On 2018-02-19 23:13, @lbutlr wrote:
>>
>> > For example, most people have many email addresses, and rather than
>> > try to manage many different servers, they will pick their "best"
>> > server to send their email through.
>>
>> Any modern email client uses autoconfiguration these days and it is
>> actually very hard to set things up as you describe (using identities
>> etc.) in comparison to proper setup with one submission server per
>> account.
>
> Multiple identities are "proper" and very useful, especially when it
> comes to using different addresses for different mailing lists or when
> sub-addressing is unavailable. Also, people can have different roles
> with different email addresses in an organisation. Arbitrarily enforcing
> a one-to-one-relationship between email addresses and email accounts is,
> in my experience, often unnecessary and counterproductive.
>
> It can indeed be hard to set this up on the client side, due to the
> aforementioned restrictions of MTAs and for lack of support in MUAs.
> Mozilla Thunderbird may be dying a slow death, but I keep using it for
> its good multi-identity-support. I've asked Apple several times over the
> years why both their macOS and iOS mail clients don't support it, but
> apparently this does not even deserve an answer.
>
>> Sending e-mails on behalf of other domains breaks SPF, DKIM, DMARC and
>> is in general considered spoofing. You should be prepared for complaints
>> if you ARE allowing this.
>
> I run servers for myself and for customers that send email for various
> domains, with the proper config for SPF, DKIM, DMARC, DANE -- you name
> it -- and support multiple identities. It takes a bit more effort on the
> server side, but the users are happy, and I think that's worth the extra
> thought spent on the server setup.
>
> I'm not saying everybody needs multiple identities, but I know enough
> people who consider it important, including myself.
>
> -Ralph

Ok, so I think I misunderstood you. I agree that multiple identities are
useful and should be used. I use them myself. I just don't agree that any
user should be allowed to send email from arbitrary domains using your
e-mail server.

For example my users can't send e-mails From: gmail address using my
server. They are only allowed to send e-mail using addresses that they
"own", which I have configured using this ugly query (sender_login_maps):

    query = select email from
        ((select email from virtual_users where email='%s')
         union
         (select destination from virtual_users, virtual_aliases
          where virtual_users.email = virtual_aliases.destination
            and virtual_aliases.source='%s')) as adr \
        join virtual_domains
        where SUBSTRING_INDEX(adr.email, '@', -1) = virtual_domains.name

So if there is an alias configured to deliver to a particular user, then
the user can send e-mail from this address, but not from any address
(gmail.com), and not from his colleague's address, even if it is in the
same domain.

So I agree, 1-to-1 mapping is bad but I disagree that complete freedom for
authenticated users is good.

k.

-- 
Karol Augustin
ka...@augustin.pl
http://karolaugustin.pl/
+353 85 775 5312
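
Added example, not part of the original message: a Python/SQLite model of the ownership lookup described above, run against constructed tables to show which (login, sender) pairs pass. It assumes the SASL login name equals the mailbox address; the schema is reduced to the columns the query names, and all rows are made up.

```python
import sqlite3

# SQLite port of the lookup in the message above (an assumption-labelled
# rewrite): MySQL's SUBSTRING_INDEX(email, '@', -1) becomes substr/instr,
# and the sender is a bound parameter instead of Postfix's %s expansion.
OWNER_QUERY = """
SELECT adr.email
FROM (SELECT email FROM virtual_users WHERE email = :sender
      UNION
      SELECT a.destination
      FROM virtual_users u JOIN virtual_aliases a ON u.email = a.destination
      WHERE a.source = :sender) AS adr
JOIN virtual_domains d
  ON substr(adr.email, instr(adr.email, '@') + 1) = d.name
"""

def build_db():
    """Constructed sample data; only the column names come from the query."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE virtual_domains (name TEXT PRIMARY KEY);
        CREATE TABLE virtual_users (email TEXT PRIMARY KEY);
        CREATE TABLE virtual_aliases (source TEXT, destination TEXT);
        INSERT INTO virtual_domains VALUES ('example.org');
        INSERT INTO virtual_users VALUES ('alice@example.org'), ('bob@example.org');
        INSERT INTO virtual_aliases VALUES
            ('sales@example.org', 'alice@example.org'),
            ('lists@example.org', 'alice@example.org'),
            ('lists@example.org', 'bob@example.org'),
            ('fwd@example.org', 'someone@example.net');
    """)
    return db

def owners(db, sender):
    """Logins that own `sender`, i.e. what the map returns for that key."""
    return {row[0] for row in db.execute(OWNER_QUERY, {"sender": sender})}

def may_send(db, sasl_login, sender):
    """Mismatch check for a logged-in client: login must be among the owners
    (what Postfix's reject_sender_login_mismatch enforces on MAIL FROM)."""
    return sasl_login in owners(db, sender)

if __name__ == "__main__":
    db = build_db()
    me = "alice@example.org"
    for sender in (me, "sales@example.org", "bob@example.org", "alice@gmail.com"):
        print(me, "->", sender, ":", "ok" if may_send(db, me, sender) else "reject")
```

The lookup key is the envelope sender, so an alias that points at an external address (fwd@example.org here) has no owner and cannot be used by anyone.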