diff options
| author | Malfurious <m@lfurio.us> | 2024-06-12 10:45:13 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2024-06-14 22:46:33 -0400 |
| commit | 2ee344e9c7ab8182efde6a18e50d4b4e7d148e71 (patch) | |
| tree | de81a90c3c847e2803c35b84fcd245e78552d564 /postfix/entrypoint.sh | |
| parent | dc7f1bb8f52569b158f0c24c02070fcc459e580d (diff) | |
| download | mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.tar.gz mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.zip | |
postfix: Deny submission sender/login mismatch
Prevent outgoing spoofed emails by requiring the MAIL FROM header to
match the SASL login name.
Specifically, the SASL user must "own" the address.
`smtpd_sender_login_maps` defines a lookup table to determine ownership.
We create a placeholder table that states each user simply owns their
own email address (aka: the value of their username).
Signed-off-by: Malfurious <m@lfurio.us>
Diffstat (limited to 'postfix/entrypoint.sh')
| -rwxr-xr-x | postfix/entrypoint.sh | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/postfix/entrypoint.sh b/postfix/entrypoint.sh index 18805eb..46c06ab 100755 --- a/postfix/entrypoint.sh +++ b/postfix/entrypoint.sh @@ -1,11 +1,17 @@ #!/bin/sh -# Generate virtual mailbox mappings from user password file -# "user@domain domain/user/" +# Generate virtual mappings from user password file +# Incoming mail: "user@domain domain/user/" >vmailbox +# (The trailing slash indicates the directory is a maildir.) sed 's/:.*$//g' </etc/userconfig/passwd \ | awk -F '@' '{printf "%s %s/%s/\n", $0, $2, $1}' >/etc/postfix/vmailbox +# Outgoing mail: "user@domain user@domain" >vaddress +sed 's/:.*$//g' </etc/userconfig/passwd \ + | awk '{printf "%s %s\n", $0, $0}' >/etc/postfix/vaddress + # Generate Berkeley DB files +postmap /etc/postfix/vaddress postmap /etc/postfix/vmailbox postmap /etc/userconfig/aliases |