diff options
| author | Malfurious <m@lfurio.us> | 2024-06-12 10:45:13 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2024-06-14 22:46:33 -0400 |
| commit | 2ee344e9c7ab8182efde6a18e50d4b4e7d148e71 (patch) | |
| tree | de81a90c3c847e2803c35b84fcd245e78552d564 /postfix/master.cf | |
| parent | dc7f1bb8f52569b158f0c24c02070fcc459e580d (diff) | |
| download | mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.tar.gz mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.zip | |
postfix: Deny submission sender/login mismatch
Prevent outgoing spoofed emails by requiring the MAIL FROM header to
match the SASL login name.
Specifically, the SASL user must "own" the address.
`smtpd_sender_login_maps` defines a lookup table to determine ownership.
We create a placeholder table that states each user simply owns their
own email address (aka: the value of their username).
Signed-off-by: Malfurious <m@lfurio.us>
Diffstat (limited to '')
| -rw-r--r-- | postfix/master.cf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/postfix/master.cf b/postfix/master.cf index 45df2bb..935dbec 100644 --- a/postfix/master.cf +++ b/postfix/master.cf @@ -22,7 +22,7 @@ submissions inet n - n - - smtpd -o smtpd_sasl_path=private/auth -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=permit_sasl_authenticated,reject -# -o smtpd_sender_restrictions= + -o smtpd_sender_restrictions=reject_sender_login_mismatch -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o cleanup_service_name=cleanupips -o milter_macro_daemon_name=ORIGINATING |