Difference between revisions of "CentOS 8.x postfix restrict email from address based on username used for authentication"
From Notes_Wiki
m |
m |
||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x email servers]] > [[CentOS 8.x postfix]] > [[CentOS 8.x postfix restrict email from address based on username used for authentication]] | |||
To ensure that outgoing email is sent only from allowed from addresses based on user who has logged in (authentication information): | To ensure that outgoing email is sent only from allowed from addresses based on user who has logged in (authentication information): | ||
Line 51: | Line 50: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x email servers]] > [[CentOS 8.x postfix]] > [[CentOS 8.x postfix restrict email from address based on username used for authentication]] |
Latest revision as of 03:03, 30 March 2022
Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix restrict email from address based on username used for authentication
To ensure that outgoing email is sent only from allowed from addresses based on user who has logged in (authentication information):
- Edit /etc/postfix/main.cf to include
- smtpd_relay_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
- smtpd_recipient_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
- Note that reject_sender_login_mismatch is befeore permit_sasl_authenticated and after permit_mynetworks
- Append username of user who authentication in email headers
- smtpd_sasl_authenticated_header = yes
- smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps,
- pcre:/etc/postfix/sasl_default_senders
- Have /etc/postfix/sasl_default_senders file with following contents
- /^(.*)@example.com/ $1
- This basically allows email from saurabh@example.com from user saurabh via regular expressions. Thus if login is done via username user1, emails can be sent as user1@example.com
- Have /etc/postfix/sender_login_maps file with following contents:
- saurabh2@example.com.com saurabh
- root@files.example.com logwatch
-
- This is just a test rule to allow saurabh user to send emails as saurabh2 also.
- After this map both files
- cd /etc/postfix/
- postmap sender_login_maps
- postmap sasl_default_senders
- Reload postfix
- systemctl reload postfix
- Test outgoing email from user saurabh with email IDs:
- saurabh@example.com
- Should work due to regular expression
- saurabh2@example.com
- Should work due to use of sender_login_maps file
- saurabh3@example.com
- Should get rejected as it is not allowed as per policy.
- Test incoming emails to saurabh@example.com and aliases such as contact@example.com
Refer:
- http://postfix.1071664.n5.nabble.com/reject-sender-login-mismatch-td84668.html
- https://serverfault.com/questions/948362/postfix-multiple-smtpd-sender-login-maps
- https://www.howtoforge.com/community/threads/postfix-sender_login_maps.6037/
Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix restrict email from address based on username used for authentication