CentOS 8.x postfix restrict email from address based on username used for authentication
From Notes_Wiki
Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix restrict email from address based on username used for authentication
To ensure that outgoing email is sent only from allowed from addresses based on user who has logged in (authentication information):
- Edit /etc/postfix/main.cf to include
- smtpd_relay_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
- smtpd_recipient_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
- Note that reject_sender_login_mismatch is befeore permit_sasl_authenticated and after permit_mynetworks
- Append username of user who authentication in email headers
- smtpd_sasl_authenticated_header = yes
- smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps,
- pcre:/etc/postfix/sasl_default_senders
- Have /etc/postfix/sasl_default_senders file with following contents
- /^(.*)@example.com/ $1
- This basically allows email from saurabh@example.com from user saurabh via regular expressions. Thus if login is done via username user1, emails can be sent as user1@example.com
- Have /etc/postfix/sender_login_maps file with following contents:
- saurabh2@example.com.com saurabh
- root@files.example.com logwatch
-
- This is just a test rule to allow saurabh user to send emails as saurabh2 also.
- After this map both files
- cd /etc/postfix/
- postmap sender_login_maps
- postmap sasl_default_senders
- Reload postfix
- systemctl reload postfix
- Test outgoing email from user saurabh with email IDs:
- saurabh@example.com
- Should work due to regular expression
- saurabh2@example.com
- Should work due to use of sender_login_maps file
- saurabh3@example.com
- Should get rejected as it is not allowed as per policy.
- Test incoming emails to saurabh@example.com and aliases such as contact@example.com
Refer:
- http://postfix.1071664.n5.nabble.com/reject-sender-login-mismatch-td84668.html
- https://serverfault.com/questions/948362/postfix-multiple-smtpd-sender-login-maps
- https://www.howtoforge.com/community/threads/postfix-sender_login_maps.6037/
Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix restrict email from address based on username used for authentication