Hello Viktor, thanks a lot for your time and the great explanation, but i think that's not what i'm looking for.
What i'm trying to accomplish is to make sure the from address used in the envelope is the same address used to login. I don't mind if they use a different reply to address or something similar. I thought smtpd_sender_login_maps plus reject_unlisted_sender and reject_authenticated_sender_login_mismatch would do the trick but there's a case where login address is the same as the sender address - at least that's what it looks like after checking the mail.log - but once i get the email at Google Apps i notice the From header belongs to the forged address edited through the Identity edit form which AfterLogic Webmail provides. Same Identity forms exists in different webmail solutions or email desktop clients like Roundcube or Mozilla Thunderbird but don't know why After logic operates in a different way. What i would like is to reject the email when the from address has been edited. I hope you can help me to get a clue here. Thanks a lot On Mon, Mar 31, 2014 at 4:56 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > On Mon, Mar 31, 2014 at 04:32:45PM +0200, Pau Peris wrote: > > > I'm running Postfix 2.11 and I would like to reject/prevent authenticated > > users from sending emails with forged sender/from address. > > Postfix only restricts forgery of the envelope sender address. > There are no features in Postfix to restrict senders to a particular > RFC 2822 From: address. > > If you're operating a submission service where authentication is > required, and for some reason you absolutely must restrict the > "From" address, the best you can do is to configure a dedicated > cleanup(8) instance for the submission servvice that discards the > From header, in which case if I recall correctly, Postfix will > insert a new From header with the envelope sender email address > (and no full name). > > header_checks: > /^from:/ IGNORE > > This breaks legitimate use of "Resent-From:". Both Apple's Mail.app > and mutt allow users to resend a message to another recipient in > a way that preserves the original "From:" header so they reply to > the author, (the address of the forwarding user is in "Resent-From") > rather than the person forwarding the mail. > > -- > Viktor.
