From c81d7334e5c6c31c4133edbd411b7f306d50ae8c Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Tue, 6 Mar 2018 22:45:13 +0800
Subject: mail/postfix: add login-maps.pcre for $smtpd_sender_login_maps

---
 roles/mail/files/postfix/login-maps.pcre | 33 ++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 roles/mail/files/postfix/login-maps.pcre

(limited to 'roles/mail/files/postfix')

diff --git a/roles/mail/files/postfix/login-maps.pcre b/roles/mail/files/postfix/login-maps.pcre
new file mode 100644
index 0000000..1f14223
--- /dev/null
+++ b/roles/mail/files/postfix/login-maps.pcre
@@ -0,0 +1,33 @@
+#
+# $config_directory/login-maps.pcre
+# Postfix: smtpd_sender_login_maps
+#
+# Lookup table with the SASL login names that own the sender
+# (MAIL FROM) addresses.
+#
+# NOTE:
+# Add "reject_sender_login_mismatch" to $smtpd_sender_restrictions .
+#
+# NOTE
+# ----
+# By default an SMTP client may specify *any* envelope sender address
+# in the "MAIL FROM" command, because the server only knows the remote
+# client's hostname and IP address, but not the user who controls the
+# remote client.
+# But the Postfix SMTP server knowns who the sender is once the SASL
+# authentication is used.  This table file provides the maps betwee
+# envelope sender addresses and SASL login names, which is used by the
+# server to decide if the SASL authenticated client is allowed to use
+# a particular envelope sender address.
+#
+# References:
+# * Postfix SASL HOWTO - Envelope sender address authorization
+#   http://www.postfix.org/SASL_README.html#server_sasl_authz
+#
+
+# Enforce that user can only send from their own sender address.
+# Credit: https://serverfault.com/a/710235/387898
+#
+# Envelope sender       | Owner (SASL login names)
+# ---------------------------------------------------------------------
+/^(.*)$/                ${1}
-- 
cgit v1.2.2