On Mon, Mar 31, 2014 at 04:32:45PM +0200, Pau Peris wrote:

> I'm running Postfix 2.11 and I would like to reject/prevent authenticated
> users from sending emails with forged sender/from address.

Postfix only restricts forgery of the envelope sender address.
There are no features in Postfix to restrict senders to a particular
RFC 2822 From: address.

If you're operating a submission service where authentication is
required, and for some reason you absolutely must restrict the
"From" address, the best you can do is to configure a dedicated
cleanup(8) instance for the submission servvice that discards the
>From header, in which case if I recall correctly, Postfix will
insert a new From header with the envelope sender email address
(and no full name).

    header_checks:
        /^from:/ IGNORE

This breaks legitimate use of "Resent-From:".  Both Apple's Mail.app
and mutt allow users to resend a message to another recipient in
a way that preserves the original "From:" header so they reply to
the author, (the address of the forwarding user is in "Resent-From")
rather than the person forwarding the mail.

-- 
        Viktor.

Reply via email to