On Wed, 7 Oct 2020 at 14:04, Vieri Di Paola <vieridipa...@gmail.com> wrote:
>
> On Wed, Oct 7, 2020 at 2:34 PM Tom Sommer <m...@tomsommer.dk> wrote:
> >
> > So SASL user "t...@example.com" would be able to send only from
> > "@example.com".
>
> smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre
>
> content of /etc/postfix/login_maps.pcre:
> /^(.*)@your(own)?domain\.org$/ ${1}
>
> This would force sasl-authed user "me" to only send from
> m...@yourdomain.org or m...@yourowndomain.org.
> You can change the regex to allow from @domain instead.
If, for authenticated users, you also want to enforce an *exact match*
between the Envelope Sender and the mail address in the 'From:'
header, this is offered by the milter at
https://github.com/magcks/milterfrom (but I have not tested it).
To enforce a domain-only match between the Envelope Sender and the
mail address in the 'From:' header the only way I can think of is to
use DMARC with p=reject, which is a big hammer for the given nut. Can
postfwd help here?
