path: root/roles/mail/files/postfix/login-maps.pcre
author: Aaron LI <aly@aaronly.me>, 2018-03-06 22:45:13 +0800
committer: Aaron LI <aly@aaronly.me>, 2018-03-14 11:35:08 +0800
commit: c81d7334e5c6c31c4133edbd411b7f306d50ae8c (patch)
tree: 040a0747f833e40558dc3a41ecf053877471d42e /roles/mail/files/postfix/login-maps.pcre
parent: c3cf54288387b9b6cd7165f974f36bea7c396841 (diff)
download: ansible-dfly-vps-c81d7334e5c6c31c4133edbd411b7f306d50ae8c.tar.bz2
mail/postfix: add login-maps.pcre for $smtpd_sender_login_maps
Diffstat (limited to 'roles/mail/files/postfix/login-maps.pcre')
-rw-r--r-- roles/mail/files/postfix/login-maps.pcre 33
1 files changed, 33 insertions, 0 deletions
diff --git a/roles/mail/files/postfix/login-maps.pcre b/roles/mail/files/postfix/login-maps.pcre
new file mode 100644
index 0000000..1f14223
--- /dev/null
+++ b/roles/mail/files/postfix/login-maps.pcre
@@ -0,0 +1,33 @@
+#
+# $config_directory/login-maps.pcre
+# Postfix: smtpd_sender_login_maps
+#
+# Lookup table with the SASL login names that own the sender
+# (MAIL FROM) addresses.
+#
+# NOTE:
+# Add "reject_sender_login_mismatch" to $smtpd_sender_restrictions .
+#
+# NOTE
+# ----
+# By default an SMTP client may specify *any* envelope sender address
+# in the "MAIL FROM" command, because the server only knows the remote
+# client's hostname and IP address, but not the user who controls the
+# remote client.
+# But the Postfix SMTP server knowns who the sender is once the SASL
+# authentication is used. This table file provides the maps betwee
+# envelope sender addresses and SASL login names, which is used by the
+# server to decide if the SASL authenticated client is allowed to use
+# a particular envelope sender address.
+#
+# References:
+# * Postfix SASL HOWTO - Envelope sender address authorization
+# http://www.postfix.org/SASL_README.html#server_sasl_authz
+#
+
+# Enforce that user can only send from their own sender address.
+# Credit: https://serverfault.com/a/710235/387898
+#
+# Envelope sender | Owner (SASL login names)
+# ---------------------------------------------------------------------
+/^(.*)$/ ${1}
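Review bot: The catch-all rule on the last line, `/^(.*)$/ ${1}`, returns the envelope sender itself as its owner, so it only authorizes a client whose SASL login name is identical to the full MAIL FROM address, and the header comment never states that assumption. Please document it next to the rule, and note that any account allowed to send from a second address (an alias or a role address) needs an explicit entry placed above the catch-all, since this pattern matches every sender and later lines are never reached. Two smaller points in the comment block: "knowns" and "betwee" are typos for "knows" and "between", and the two consecutive NOTE sections could be merged into one so the instruction to add `reject_sender_login_mismatch` sits beside the explanation of why it is needed.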