How to limit the From header to match MAIL FROM in postfix

postfixspam

SMTP clients are required to pass user authentication before sending emails to other domains (relay). And we can use smtpd_sender_restrictions to make sure the MAIL FROM address matches the authenticated user. But how to make sure the From address in the mail header matches the MAIL FROM address? We also want to limit Reply-To header, so spam senders can hardly use our SMTP server, even if they break some of the user passwords.

Best Answer

If You want to do re-write mail headers, you'll have to have postfix pass the mail through some program which does the re-writing. Have a look at documentation for something like policyd for how that interaction works.

However, I'm not convinced that what you're describing is a good idea, or helpful with spam. If you can't rely on the behaviour of authenticated users, then you need to do content filtering much as you'd do for mail coming in for mail from unknown sources coming to your users.

Related Solutions

Postfix – Forcing the From Address When Relaying Over SMTP

This is how to really do it in postfix.

This config changes sender addresses from both local originated, and relayed SMTP mail traffic:

/etc/postfix/main.cf:

sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check

Rewrite envelope address from email originating from the server itself

/etc/postfix/sender_canonical_maps:

/.+/    newsender@address.com

Rewrite from address in SMTP relayed e-mail

/etc/postfix/header_check:

/From:.*/ REPLACE From: newsender@address.com

Thats very useful if you're for instance using a local relay smtp server which is used by all your multifunctionals and several applications.

If you use Office 365 SMTP server, any mail with a different sender address than the email from the authenticated user itself will simply be denied. The above config prevents this.

Postfix add sender based on from header

The envelope sender is set by the mail client when sending mail; it is not a header and appears nowhere in the mail body.

Postfix, being an MTA, doesn't really care about From: headers, except insofar as it can rewrite them based on the envelope sender or some other rule, if you so desire.
This can be useful in situations where the internal postfix domain is not externally valid (such as user@localhost.localdomain) to enable the recipient to respond to the message; the envelope sender is set as the Return-Path: header upon delivery of the message.

I've never seen a requirement to perform the inverse, i.e. change the envelope sender based on a From: header; since headers are trivially forged this would enable an easy spam target.

What you should do instead is the following:

set up postfix to require submission as defined in RFC4409, using both TLS and SASL, for all locally submitted mail; see the commented-out example in master.cf.
disallow submission of mail via the MTA port (25) by removing permit_mynetworks from smtpd_*_restrictions.
disallow submitting mail via the sendmail(1) command and all its derivatives via the authorized_submit_users parameter
configure your application to use a dedicated login that will restrict the envelope sender via the smtpd_sender_login_maps parameter
configure your application to set the proper envelope sender when submitting mail.

Best Answer

Related Solutions

Postfix – Forcing the From Address When Relaying Over SMTP

Postfix add sender based on from header

Related Topic