On Tue, Dec 22, 2015 at 12:37:16AM +0100, Aleš Krajník wrote:
> Is there any solution that would define or whitelist as which sender can
> each of local system accounts send e-mail when using Postfix's sendmail
> binary?
>
> I have a hosting server with PHP-FPM FastCGI server, each site on the server
> runs as one PHP-FPM process, each site has its own local user on the server.
Configure PHP to use a "wrapper" sendmail program that enforces
the desired restrictions before running the underlying "real"
sendmail command.
> Is there any way to achieve that using sendmail, without switching to SMTP
> protocol? With SMTP the whitelisting would be possible I guess but it would
> require me to create a database of accounts and passwords and to set them to
> all PHP-FPM users.
Use a different "sendmail". By the way, the postfix postdrop(1)
program is the one that enforces "authorized_submit_users", but
this does not restrict the envelope sender address as there are
legitimate cases for keeping a valid external address unchanged in
scripts that forward received mail.
--
Viktor.
