Hi, I'm trying to understand how the reject_unlisted_sender option works in the smtpd_sender_restrictions option. This is what I understand it to do:
For any received mail (it is an smtpd option after all), either for receiving mail from an external server or for sending mail from a logged in user with SASL, it checks whether the sender domain (envelope FROM) is a valid recipient address (ie. in my case the domain exists in the virtual_mailbox_domains) for this server, and if it is not it will reject. When testing however, it was accepting mail from an external server (gmail) to be delivered to an existing mailbox, but the sender domain was x...@gmail.com which is not a listed sender for my server obviously! Why are these mails not rejected? I don't want them to be rejected, but it is what I understood reject_unlisted_sender to do. My goal is to prevent spoofing of the envelope FROM (since we can't control the header FROM from Postfix) for outgoing mail, I do this by setting smtpd_sender_login_maps and adding reject_sender_login_mismatch to the smtpd_sender_restrictions. This works perfectly for SASL authenticated users by forcing the envelope FROM to be the same as the login username ( u...@domain.com), and I think the reject_unlisted_sender option would be redundant in this case. However, mail delivered locally (sendmail from system or from PHP) is not checked by the smtpd options, and I need a way to force the envelope sender for certain system users to nore...@primary-domain-of-user.com so that a PHP application can't spoof the envelope FROM when using sendmail. I use `sendmail -f nore...@primary-domain-of-user.com --` as the PHP sendmail_path, but I'd like to force this in Postfix for security. Regarding spoofing of the header FROM, if they use a different domain name than their envelope FROM (whether it is a permitted sender for the server or not), the destination server will likely reject it due to invalid DKIM. This is something I'll take up with the milter (rspamd) that does the DKIM signing, to reject any mail that it cannot DKIM sign. It will be possible to use a different local part: int...@example.com could impersonate himself as ad...@example.com (not sure if that is something I want to fix). Kind regards, Taco de Wolff
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org