postfix – Prevent Users from Changing Real Email Address


My postfix e-mail server is finally working well.

Now, I need to prevent users from forging their e-mail addresses in the client programs in the "from" field in the header, because a user can send email as another user with that, and an inexperienced user can think that it is real.

If a user is experienced, he can inspect the email headers and know what is happening, but is there a way to block this behaviour?

Best Answer

Have a look at the smtpd_sender_restrictions and smtpd_sender_login_maps settings. The former can prevent malformed from addresses, while the latter can force the sender address to match the login name.

# Prevent malformed senders.
# main.cf has no trailing comments: "#" only starts a comment at the
# beginning of a line, so each restriction is described on its own line.
smtpd_sender_restrictions =
    # Ensure correct mail addresses
    reject_non_fqdn_sender
    # Ensure sender address is from an existing domain
    reject_unknown_sender_domain
    # Check if the user is allowed to use this sender address
    reject_authenticated_sender_login_mismatch

# Maps used to stop sender address forgeries.
smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre

The contents of login_maps.pcre could be

# Use this regex if your users are local users, i.e. if the login name
# is just the username, not a full mail address.
# Note that literal dots have to be backslash escaped (`\.`) to avoid
# interpretation of these dots as regex wildcard.
/^([^@+]*)(\+[^@]*)?@example\.com$/ ${1}

# If one doesn't care about subaddresses, this could be simplified to
/^(.*)@example\.com$/ ${1}

# This is appropriate if you have virtual users who login with their
# full mail address as their username.  Local addresses won't work, though
/^(.*)$/    ${1}

The above config assumes that postfix was compiled with support for PCRE. On Ubuntu/Debian, this requires the postfix-pcre package to be installed.

Note that this will only work if nobody but authenticated users can send mail. If you allow mail from unauthenticated users, the above method won't help and will fail. Make sure to read Rui F Ribeiro's answer if that's the case.
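The following is an added example, not part of the answer above or of Postfix itself: a simplified Python model of how the first `login_maps.pcre` rule resolves an envelope sender (MAIL FROM, which is what Postfix checks here) to its owner and how `reject_authenticated_sender_login_mismatch` then decides. The function names and sample sessions are constructed for illustration, and the model assumes a single-rule table, case-insensitive matching (the pcre table default), and rejection when no owner is found for an authenticated login.

```python
import re

# The first login_maps.pcre rule from the answer (local logins, subaddresses allowed).
LOGIN_MAP = [(r"^([^@+]*)(\+[^@]*)?@example\.com$", "${1}")]

def lookup_owners(sender, table=LOGIN_MAP):
    """Model of a pcre: table lookup: first matching rule wins, $n is expanded."""
    for pattern, template in table:
        # Postfix pcre tables match case-insensitively by default.
        m = re.search(pattern, sender, re.IGNORECASE)
        if m:
            expanded = re.sub(r"\$\{?(\d+)\}?",
                              lambda ref: m.group(int(ref.group(1))) or "", template)
            # The lookup result may list several owners, separated by commas or spaces.
            return [o for o in re.split(r"[,\s]+", expanded) if o]
    return []

def sender_allowed(sasl_login, mail_from, table=LOGIN_MAP):
    """Simplified reject_authenticated_sender_login_mismatch decision."""
    if sasl_login is None:
        return True  # the restriction only applies to authenticated sessions
    owners = lookup_owners(mail_from, table)
    return sasl_login.lower() in (o.lower() for o in owners)

# Constructed sample sessions: (SASL login, envelope MAIL FROM)
SAMPLES = [
    ("alice", "alice@example.com"),
    ("alice", "alice+lists@example.com"),
    ("alice", "bob@example.com"),
    ("alice", "alice@other.example"),
    (None, "bob@example.com"),
]

if __name__ == "__main__":
    for login, sender in SAMPLES:
        verdict = "accept" if sender_allowed(login, sender) else "reject"
        print(f"login={login!s:6} MAIL FROM={sender:26} -> {verdict}")
```

The last sample passes this restriction because the session is unauthenticated, which is the case the closing note of the answer warns about. On a live server, `postmap -q "alice+lists@example.com" pcre:/etc/postfix/login_maps.pcre` shows what the real table returns for an address.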
