CentOS 8.x postfix restrict email from address based on username used for authentication

From Notes_Wiki

Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix restrict email from address based on username used for authentication

To ensure that outgoing email is sent only from allowed from addresses based on user who has logged in (authentication information):

  1. Edit /etc/postfix/main.cf to include 
    smtpd_relay_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
    

    smtpd_recipient_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination
    Note that reject_sender_login_mismatch is befeore permit_sasl_authenticated and after permit_mynetworks
  2. Append username of user who authentication in email headers 
    smtpd_sasl_authenticated_header = yes
    

    smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps,
    

    pcre:/etc/postfix/sasl_default_senders
  3. Have /etc/postfix/sasl_default_senders file with following contents 
    /^(.*)@example.com/             $1
    This basically allows email from saurabh@example.com from user saurabh via regular expressions. Thus if login is done via username user1, emails can be sent as user1@example.com
  4. Have /etc/postfix/sender_login_maps file with following contents: 
    saurabh2@example.com.com   saurabh
    

    root@files.example.com  logwatch
    This is just a test rule to allow saurabh user to send emails as saurabh2 also.
  5. After this map both files 
    cd /etc/postfix/
    

    postmap sender_login_maps
    

    postmap sasl_default_senders
  6. Reload postfix 
    systemctl reload postfix
  7. Test outgoing email from user saurabh with email IDs:
    saurabh@example.com
    Should work due to regular expression
    saurabh2@example.com
    Should work due to use of sender_login_maps file
    saurabh3@example.com
    Should get rejected as it is not allowed as per policy.
  8. Test incoming emails to saurabh@example.com and aliases such as contact@example.com


Refer:



Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix restrict email from address based on username used for authentication

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=CentOS_8.x_postfix_restrict_email_from_address_based_on_username_used_for_authentication&oldid=5565"