diff options
| author | Malfurious <m@lfurio.us> | 2024-06-12 10:45:13 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2024-06-14 22:46:33 -0400 |
| commit | 2ee344e9c7ab8182efde6a18e50d4b4e7d148e71 (patch) | |
| tree | de81a90c3c847e2803c35b84fcd245e78552d564 /postfix/main.cf | |
| parent | dc7f1bb8f52569b158f0c24c02070fcc459e580d (diff) | |
| download | mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.tar.gz mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.zip | |
postfix: Deny submission sender/login mismatch
Prevent outgoing spoofed emails by requiring the MAIL FROM header to
match the SASL login name.
Specifically, the SASL user must "own" the address.
`smtpd_sender_login_maps` defines a lookup table to determine ownership.
We create a placeholder table that states each user simply owns their
own email address (aka: the value of their username).
Signed-off-by: Malfurious <m@lfurio.us>
Diffstat (limited to '')
| -rw-r--r-- | postfix/main.cf | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/postfix/main.cf b/postfix/main.cf index 2397399..7ded588 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -35,6 +35,7 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # System parameters smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination +smtpd_sender_login_maps = hash:/etc/postfix/vaddress myhostname = ENV_HOSTNAME mydestination = $myhostname localhost mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 |