From 6e39bad3fbe75b88fca4c2e2aad8eb51af14b1be Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 31 May 2017 21:42:32 +0200
Subject: Don't let authenticated client use arbitrary sender addresses.

The following policy is now implemented:

    * users can use their SASL login name as sender address;
    * alias and/or list owners can use the address as envelope sender;
    * domain postmasters can use arbitrary sender addresses under their
      domains;
    * domain owners can use arbitrary sender addresses under their domains,
      unless it is also an existing account name;
    * for known domains without owner or postmasters, other sender addresses
      are not allowed; and
    * arbitrary sender addresses under unknown domains are allowed.
---
 roles/MSA/templates/etc/postfix/main.cf.j2 | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'roles/MSA/templates/etc/postfix/main.cf.j2')

diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index f5f0834..ec6b242 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -93,10 +93,12 @@ smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     reject_invalid_helo_hostname
 
+smtpd_sender_login_maps   = socketmap:unix:private/sender-login:sender_login
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
     reject_unknown_sender_domain
     check_sender_access cdb:$config_directory/check_sender_access
+    reject_known_sender_login_mismatch
 
 smtpd_relay_restrictions =
     reject_non_fqdn_recipient
-- 
cgit v1.2.3