Postfix does not check “From:” address with sender_login_maps

I am trying to set up a postfix configuration where (virtual) users are allowed to only send with "From:"-addresses they own. So I put reject_authenticated_sender_login_mismatch into smtpd_sender_restrictions.

Using

query = SELECT goto FROM alias WHERE address='%s' and active=1;

in my sender_login_maps.cf I can send mails with any sender address I want, even something like madeup@not_my_domain.com.

However,

postmap -q "madeup@not_my_domain.com" mysql:/etc/postfix/sql/sender_login_maps.cf 

returns nothing as expected.

Now if I change the query to

SELECT goto FROM alias WHERE address='notinthedatabaseforsure' and active=1; 

I am not able to send any mails at all. So far so good. But the log says

postfix/smtps/smtpd[11683]: NOQUEUE: reject: RCPT from...: 553 5.7.1 <user@domain.com>: 
  Sender address rejected: not owned by user user@domain.com; from=<user@domain.com> to=<user2@domain.com> proto=ESMTP helo=<[192.168.2.103]>

even if I try to send from madeup@not_my_domain.com. user@domain.com is the login name, user2@domain.com the recipient.

In a proper setup I would expect something like

postfix/smtps/smtpd[11683]: NOQUEUE: reject: RCPT from ...: 553 5.7.1 <madeup@not_my_domain.com>: 
  Sender address rejected: not owned by user user@domain.com; from=<madeup@not_my_domain.com> to=<user2@domain.com> proto=ESMTP helo=<[192.168.2.103]>

So it looks like postfix uses the login name to search for the login name regardless of the sender address, which explains why I can send with any sender address using the query I mentioned first.

Update: I checked my sql logs and indeed, the MySQL server never sees madeup@not_my_domain.com. It only gets queries for the login address and the recipient address user2@domain.com.

Here are the smtps part from master.cf and my main.cf:

smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o tls_preempt_cipherlist=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_relay_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o cleanup_service_name=submission-header-cleanup

mynetworks = 127.0.0.0/8
inet_interfaces = all
mydomain = domain.com
myhostname = mail.domain.com
myorigin = $mydomain
mydestination =
relayhost =


smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient

smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_hostname,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unauth_destination,
 reject_unauth_pipelining,
 reject_invalid_hostname

smtpd_sender_restrictions =
 reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unauth_pipelining,
 reject_authenticated_sender_login_mismatch,
 permit_sasl_authenticated

smtpd_helo_required = yes
smtpd_helo_restrictions =   permit_mynetworks
                            reject_invalid_helo_hostname
                            reject_non_fqdn_helo_hostname
                            reject_unknown_helo_hostname

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

postscreen_access_list =        permit_mynetworks
                                cidr:/etc/postfix/postscreen_access
postscreen_blacklist_action = drop
postscreen_greet_action = drop

postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = dnsbl.sorbs.net*1, bl.spamcop.net*1, ix.dnsbl.manitu.net*2, zen.spamhaus.org*2
postscreen_dnsbl_action = drop

virtual_alias_maps = mysql:/etc/postfix/sql/aliases.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/accounts.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
relay_domains = mysql:/etc/postfix/sql/relay_domains.cf
smtpd_sender_login_maps = mysql:/etc/postfix/sql/sender_login_maps.cf


virtual_uid_maps = static:3000
virtual_gid_maps = static:3000
virtual_mailbox_base = /home/vmail

# Disable NIS lookup warning
alias_maps=hash:/etc/aliases

append_dot_mydomain = no
recipient_delimiter = +

Best Answer

If a user with a login name user@example.com may only send as user@example.com, you should use reject_sender_login_mismatch before permit_sasl_authenticated.

smtpd_sender_restrictions = 
    # ... skip ...
    reject_sender_login_mismatch
    permit_sasl_authenticated

This option includes functionality of both reject_authenticated_sender_login_mismatch and reject_unauthenticated_sender_login_mismatch.

Moreover, check that your SQL query for a user returns his email (AKA login) for which postfix will run tests. If it just returns 1 or other "true" value it may not work as expected.
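
Added example (not part of the original question or answer, and not Postfix source code): a simplified Python model of the three restrictions named in the answer, run against a constructed alias table. It assumes exact-address lookups only; `mail_from` is the envelope MAIL FROM address that Postfix uses as the lookup key for smtpd_sender_login_maps, which is the value logged as from=<...> in the smtpd lines quoted in the question.

```python
# Simplified model of Postfix's sender/login ownership checks (added example).
# mail_from is the envelope sender (MAIL FROM), not the "From:" message header.
# ALIAS is a constructed stand-in for the page's `alias` table: address -> goto.
ALIAS = {
    "user@domain.com": "user@domain.com",
    "sales@domain.com": "user@domain.com, user2@domain.com",
    "user2@domain.com": "user2@domain.com",
}

def sender_login_map(mail_from, table=ALIAS):
    """Model of smtpd_sender_login_maps: owner logins for MAIL FROM, or None."""
    owners = table.get(mail_from.lower())
    if owners is None:
        return None
    # Postfix splits the lookup result on commas and whitespace.
    return [o.lower() for o in owners.replace(",", " ").split()]

def reject_authenticated_sender_login_mismatch(mail_from, sasl_login, table=ALIAS):
    if sasl_login is None:  # this restriction ignores unauthenticated clients
        return "DUNNO"
    owners = sender_login_map(mail_from, table)
    if owners is None or sasl_login.lower() not in owners:
        return f"REJECT <{mail_from}>: not owned by user {sasl_login}"
    return "DUNNO"

def reject_unauthenticated_sender_login_mismatch(mail_from, sasl_login, table=ALIAS):
    if sasl_login is None and sender_login_map(mail_from, table) is not None:
        return f"REJECT <{mail_from}>: not logged in"
    return "DUNNO"

def reject_sender_login_mismatch(mail_from, sasl_login, table=ALIAS):
    """Both checks together, as the answer describes."""
    verdict = reject_authenticated_sender_login_mismatch(mail_from, sasl_login, table)
    if verdict == "DUNNO":
        verdict = reject_unauthenticated_sender_login_mismatch(mail_from, sasl_login, table)
    return verdict

# Constructed table for the answer's last point: a query that returns a flag
# such as 1 instead of the login name never yields a matching owner.
FLAG_TABLE = {"user@domain.com": "1"}

if __name__ == "__main__":
    for sender, login in [("user@domain.com", "user@domain.com"),
                          ("madeup@not_my_domain.com", "user@domain.com"),
                          ("user@domain.com", None)]:
        print(sender, login, "->", reject_sender_login_mismatch(sender, login))
```
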
