Don't let authenticated client use arbitrary sender addresses.

The following policy is now implemented:

    * users can use their SASL login name as sender address;
    * alias and/or list owners can use the address as envelope sender;
    * domain postmasters can use arbitrary sender addresses under their
      domains;
    * domain owners can use arbitrary sender addresses under their domains,
      unless it is also an existing account name;
    * for known domains without owner or postmasters, other sender addresses
      are not allowed; and
    * arbitrary sender addresses under unknown domains are allowed.

1 files changed, 23 insertions, 0 deletions

diff --git a/roles/MSA/etc/systemd/system/postfix-sender-login.service b/roles/MSA/etc/systemd/system/postfix-sender-login.service
new file mode 100644
index 0000000..3ceb310
--- /dev/null
+++ b/roles/MSA/etc/systemd/system/postfix-sender-login.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Postfix sender login socketmap
+After=mail-transport-agent.target
+Requires=postfix-sender-login.socket
+
+[Service]
+User=postfix
+Group=postfix
+StandardInput=null
+SyslogFacility=mail
+ExecStart=/usr/local/bin/postfix-sender-login.pl
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+RestrictAddressFamilies=AF_UNIX
+
+[Install]
+WantedBy=multi-user.target
+Also=postfix-sender-login.socket