My mail server's default configuration uses the reject_authenticated_sender_login_mismatch setting of smtpd_sender_restrictions to prevent an arbitrary user A from sending email as user B (in the FROM field). I realize this is generically a good policy, because even one compromised user account would basically open up my mail server as a spam relay.
However, I would like to allow specific users (via a whitelist) to send mail as any user. For example, I would like to have my web server authenticate itself as x@example.com but then be able to send email on behalf of user1@example.com, user2@example.com, etc.
All other authenticated users should only be able to send email as themselves.
I think I'm on the right trail with the /etc/postfix/sender-login-maps.cf file, which currently contains:
dbpath=/home/user-data/mail/users.sqlite
query = SELECT permitted_senders
FROM (
SELECT permitted_senders, 0 AS priority
FROM aliases
WHERE source='%s'
AND permitted_senders IS NULL
UNION
SELECT email as permitted_senders, 2 AS priority
FROM users
WHERE email='%s'
)
ORDER BY priority LIMIT 1;
I'm not sure how to modify this to accomplish what I want.
Best Answer
I figured out how to modify the query in
/etc/postfix/sender-login-maps.cfto allow any user with "admin" privileges (as defined in theusers.sqlitetable) to send email as any other user at the same domain:So basically, if
x@example.comis set as an admin (which you can do in the user database, or through your account configuration interface), thenx@example.comwill be allowed to send mail asuser1@example.com,user2@example.com, etc. This seems like a reasonable policy to me.