How to enforce sender address to be "[email protected]" in Postfix?

Solution 1:

First, check whether your installation of Postfix supports pcre by entering the command postconf -m and looking for a line with pcre in it. Once you have verified that you have pcre support, you can do as follows:

/etc/postfix/login_maps.pcre:

/^(.*)@example\.org$/   ${1}

In main.cf:

smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre

This should work fine.

Solution 2:

The regex mentioned in the other answer matches the user part of the email address (logged-in-user@example.org). Here is some additional information.

To use the full email address as username, use the following regex (for example in /etc/postfix/login_map):

/^(.*)$/   ${1}

This means that your username is always your full email address ([email protected]) - no other existing username is allowed to send from that address - and you don't have to update an additional Postfix config file everytime you add a user.

This might be used on a server that has multiple domains configured. User [email protected] is only allowed to send from that address but not from [email protected] (different user and email, different person). The username john.doe would be ambiguous in this case.

Also, depending on your configuration, the smtpd_sender_login_maps setting, which has to point to this file, may be in the master.cf (instead of main.cf). The official Dovecot documentation has the following example (if you're using SASL/submission):

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject

In this example, the setting should be adjusted to point to the right file and use regex or (better) pcre as type. Especially if a file called "virtual" is already used for another purpose (for example for virtual_alias_maps, as shown in an official Postfix example), another file should be used for the login mapping.

From:

smtpd_sender_login_maps=hash:/etc/postfix/virtual

To:

smtpd_sender_login_maps=pcre:/etc/postfix/login_map

Tags:

Linux

Smtp Auth

Postfix

Recent Posts