In order to evade mail-relaying, unathorized users try to spoof the e-mail sender address in mail messages. One trick they use consists in making Postfix think the sender belongs to a mail domain in
$mydestination (that the message comes from a domain belonging to the list of domains that Postfix considers itself the final destination for).
mydomain = example.com myorigin = $mydomain mydestination = $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, localhost
The unauthorized user could try to pose as
firstname.lastname@example.org in order to send messages to other users in the
example.com mail domain, or to other users in other mail domains.
One way to stop this from happening is by using Authenticated SMTP (so Postfix can track who the sender is) and by establishing a relationship between (authenticated) users and message addresses. For example, we can link user
user1 to message addresses
email@example.com. So, when
user1 authenticates against Postfix, he is allowed to send messages as either
firstname.lastname@example.org, but no other address from the
example.com mail domain.
This can be achieved by listing the option
smtpd_recipient_restrictions. For example:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_address, reject_non_fqdn_hostname, reject_unauth_destination, reject_sender_login_mismatch
reject_sender_login_mismatch works in cooperation with
smtpd_sender_login_maps, which defines the linking between (authenticated) users and mail addresses. This mapping is defined using a table, which can be stored in a plain-text file and then converted to a hash table, a mysql table, etc. For example:
smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps
The table is stored as a hash map, whose plain-text representation is stored in file
/etc/postfix/smtpd_sender_login_maps. This plain-text file is then converted to a hash map by using the
# cd /etc/postfix # postmap smtpd_sender_login_maps
smtpd_sender_login_maps specifies ownership of MAIL FROM addresses, as used by the
reject_sender_login_mismatch sender address restriction.
Each line of the table specifies a sender address and the (authenticated) user login name that owns that address. The table has the following syntax and search order:
This form has the highest precedence. A user who successfully authenticates against Postfix as
ownercan send messages as
siteis equal to
siteis listed in
$mydestination, or when
siteis listed in
This matches every address in the specified domain, and has the lowest precedence.
For example, a file
/etc/postfix/smtpd_sender_login_maps with these entries:
email@example.com user1 firstname.lastname@example.org user1 email@example.com user3 @example.com user4
Has the following meaning:
user4owns any other address from the
@example.commail domain, except
user1 can send messages as
firstname.lastname@example.org, but he is not allowed to pose as sender
email@example.com or any other address.
NOTE: More information about Postfix UCE (Unsolicited Commercial E-mails) can be found here.