On 2018-02-20 (02:35 MST), Karol Augustin <ka...@augustin.pl> wrote:
>
> On 2018-02-19 23:13, @lbutlr wrote:
>> On 2018-02-19 (09:35 MST), Alex <mysqlstud...@gmail.com> wrote:
>>>
>>> In other words, if the sasl_username is alice, I'd like to restrict the
>>> envelope sender and From address to only legitimate accounts belonging to
>>> that sasl user.
>>
>> This may break many people's workflows.
>>
>> For example, most people have many email addresses, and rather than
>> try to manage many different servers, they will pick their "best"
>> server to send their email through.
>
> Any modern email client uses autoconfiguration these days and it is
> actually very hard to set things up as you describe (using identities
> etc.) in comparison to proper setup with one submission server per
> account.

It obviously is not since I see a lot of mail "from" gmail addresses going out via my server.

>> So, when I send an email to someone from my google account, it
>> probably doesn't go through google's submission servers.
>
> This might have been the case a decade ago but now doing this will most
> probably put that e-mail in spam. Sending e-mails on behalf of other
> domains breaks SPF, DKIM, DMARC and is in general considered spoofing.

Nearly everything breaks SPF and nearly no-one cares about DKIM.

> You should be prepared for complaints if you ARE allowing this.
>
> Try to send email from non-gmail address using gmail account.

I've done this as well (like when my server is down but I need to send something "from" my admin account). But it's been a couple of years.

>> Now, you might not care, but you might be prepared for the complaints.
>>
>> A better choice is to rate limit users.
>>
>> You can also check if the sender@yourdomain is a valid account, but
>> then again, there are reasons someone (a company, especially) might
>> want an invalid sender.
>>
>> And you'll break mailing lists if you aren't careful.
>
> How? What does restricting users to send mail only from addresses they own
> have to do with mailing lists?

Because the envelope may not contain exactly the end-user's email address and if you assume it will, you will break things.

--
Beware of the Leopard!