postfix: Deny submission sender/login mismatch

Prevent outgoing spoofed emails by requiring the MAIL FROM header to match the SASL login name. Specifically, the SASL user must "own" the address. `smtpd_sender_login_maps` defines a lookup table to determine ownership. We create a placeholder table that states each user simply owns their own email address (aka: the value of their username). Signed-off-by: Malfurious <m@lfurio.us>
author: Malfurious <m@lfurio.us> 2024-06-12 10:45:13 -0400
committer: Malfurious <m@lfurio.us> 2024-06-14 22:46:33 -0400
commit: 2ee344e9c7ab8182efde6a18e50d4b4e7d148e71 (patch)
tree: de81a90c3c847e2803c35b84fcd245e78552d564 /postfix/master.cf
parent: dc7f1bb8f52569b158f0c24c02070fcc459e580d (diff)
download: mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.tar.gz
mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/postfix/master.cf b/postfix/master.cf
index 45df2bb..935dbec 100644
--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -22,7 +22,7 @@ submissions inet n      -       n       -       -       smtpd
   -o smtpd_sasl_path=private/auth
   -o smtpd_reject_unlisted_recipient=no
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#  -o smtpd_sender_restrictions=
+  -o smtpd_sender_restrictions=reject_sender_login_mismatch
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
   -o cleanup_service_name=cleanupips
   -o milter_macro_daemon_name=ORIGINATING
author	Malfurious <m@lfurio.us>	2024-06-12 10:45:13 -0400
committer	Malfurious <m@lfurio.us>	2024-06-14 22:46:33 -0400
commit	2ee344e9c7ab8182efde6a18e50d4b4e7d148e71 (patch)
tree	de81a90c3c847e2803c35b84fcd245e78552d564 /postfix/master.cf
parent	dc7f1bb8f52569b158f0c24c02070fcc459e580d (diff)
download	mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.tar.gz mailnode-2ee344e9c7ab8182efde6a18e50d4b4e7d148e71.zip