On Mon, Mar 31, 2014 at 04:32:45PM +0200, Pau Peris wrote: > I'm running Postfix 2.11 and I would like to reject/prevent authenticated > users from sending emails with forged sender/from address.
Postfix only restricts forgery of the envelope sender address. There are no features in Postfix to restrict senders to a particular RFC 2822 From: address. If you're operating a submission service where authentication is required, and for some reason you absolutely must restrict the "From" address, the best you can do is to configure a dedicated cleanup(8) instance for the submission servvice that discards the >From header, in which case if I recall correctly, Postfix will insert a new From header with the envelope sender email address (and no full name). header_checks: /^from:/ IGNORE This breaks legitimate use of "Resent-From:". Both Apple's Mail.app and mutt allow users to resend a message to another recipient in a way that preserves the original "From:" header so they reply to the author, (the address of the forwarding user is in "Resent-From") rather than the person forwarding the mail. -- Viktor.