Don't let authenticated client use arbitrary sender addresses.

The following policy is now implemented:

    * users can use their SASL login name as sender address;
    * alias and/or list owners can use the address as envelope sender;
    * domain postmasters can use arbitrary sender addresses under their
      domains;
    * domain owners can use arbitrary sender addresses under their domains,
      unless it is also an existing account name;
    * for known domains without owner or postmasters, other sender addresses
      are not allowed; and
    * arbitrary sender addresses under unknown domains are allowed.

1 files changed, 6 insertions, 1 deletions

diff --git a/roles/common/templates/etc/postfix/master.cf.j2 b/roles/common/templates/etc/postfix/master.cf.j2
index c2ee395..52b2ec4 100644
--- a/roles/common/templates/etc/postfix/master.cf.j2
+++ b/roles/common/templates/etc/postfix/master.cf.j2
@@ -20,8 +20,13 @@ tlsproxy  unix  -       -       n       -       0       tlsproxy
 dnsblog   unix  -       -       n       -       0       dnsblog
 cleanup_nochroot unix n -       n       -       0       cleanup
 {% elif inst == 'MSA' %}
-{{ postfix_instance.MSA.port }} inet n       -       -       -       -       smtpd
+submission inet n       -       -       -       -       smtpd
   -o tls_high_cipherlist=EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
+{% if groups.webmail | difference([inventory_hostname]) | length > 0 %}
+[{{ postfix_instance.MSA.addr }}]:{{ postfix_instance.MSA.port }} inet n       -       -       -       -       smtpd
+  -o smtpd_tls_security_level=none
+  -o smtpd_sasl_security_options=noanonymous
+{% endif %}
 {% elif inst in ['IMAP', 'out', 'lists'] %}
 [{{ postfix_instance[inst].addr }}]:{{ postfix_instance[inst].port }} inet n       -       -       -       -       smtpd
 {% endif %}