Adding option (not by default) reject_sender_login_mismatch in postfix
I think it would be nice to add an option to the ISPConfig panel that prohibits a logged-in SASL user x@domain.com from sending email as y@domain2.com or any other mail address. This is good protection for a mail server, and I think it's a good idea to add it as an option in the ISPConfig panel (not enabled by default) for those who wish to activate it.
I configured Postfix on my servers in the following way to get the desired result:
1.) Add " $smtpd_sender_login_maps" at the end of proxy_read_maps in main.cf. Mine looks like this:
BEFORE:
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
AFTER:
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps $smtpd_sender_login_maps
2.) On a new line in main.cf, add the Postfix option:
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
3.) Create /etc/postfix/mysql-virtual_sender_login_maps.cf with the following content:
user = ispconfig
password = XXX
dbname = dbispconfig
hosts = 127.0.0.1
query = select destination from mail_forwarding where source = '%s' and active = 'y' and type = 'alias' and server_id = 1 union select email from mail_user where email = '%s' and postfix = 'y' and server_id = 1;
and replace XXX with the main password, which can be found in the other /etc/postfix/mysql-*.cf files.
(This query allows x@domain.com to send mail only with the sender x@domain.com and with any email alias created that points to x@domain.com.)
4.) chown and chmod the /etc/postfix/mysql-virtual_sender_login_maps.cf file:
chown root:postfix /etc/postfix/mysql-virtual_sender_login_maps.cf && chmod 640 /etc/postfix/mysql-virtual_sender_login_maps.cf
5.) Restart Postfix.
Now when I try to send mail as a user other than the one I logged in with (x@domain.com), Postfix says:
Sender address rejected: not owned by user x@domain.com
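Added example (not part of the original request, and not ISPConfig or Postfix code): a Python model of the reject_sender_login_mismatch decision, running the query from step 3 against an in-memory SQLite stand-in for dbispconfig. The table rows are constructed, the tables are reduced to the columns the query uses, and `check` is a simplified model of Postfix's documented behaviour, useful for reviewing which sender addresses a login would be allowed to use before enabling the option.

```python
import sqlite3

# The lookup from mysql-virtual_sender_login_maps.cf, with each '%s' replaced
# by a bound parameter (Postfix substitutes the MAIL FROM address there).
QUERY = """
select destination from mail_forwarding
 where source = ? and active = 'y' and type = 'alias' and server_id = 1
union
select email from mail_user
 where email = ? and postfix = 'y' and server_id = 1
"""

def build_db():
    """In-memory stand-in for dbispconfig with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table mail_user (email text, postfix text, server_id int);
        create table mail_forwarding (source text, destination text,
                                      active text, type text, server_id int);
        insert into mail_user values ('x@domain.com', 'y', 1);
        insert into mail_user values ('y@domain2.com', 'y', 1);
        insert into mail_forwarding values
            ('sales@domain.com', 'x@domain.com', 'y', 'alias', 1),
            ('old@domain.com',   'x@domain.com', 'n', 'alias', 1);
    """)
    return db

def owners(db, sender):
    """Logins that own `sender`, as smtpd_sender_login_maps would return them."""
    return {row[0] for row in db.execute(QUERY, (sender, sender))}

def check(db, sasl_login, sender):
    """Model of reject_sender_login_mismatch; sasl_login is None if not logged in."""
    owned_by = owners(db, sender)
    if sasl_login is None:
        # Unauthenticated clients are rejected only for addresses that have an owner.
        return "REJECT not logged in" if owned_by else "DUNNO"
    if sasl_login in owned_by:
        return "DUNNO"  # no objection; later restrictions still apply
    return f"REJECT not owned by user {sasl_login}"

if __name__ == "__main__":
    db = build_db()
    for login, sender in [("x@domain.com", "x@domain.com"),
                          ("x@domain.com", "sales@domain.com"),
                          ("x@domain.com", "y@domain2.com"),
                          ("x@domain.com", "old@domain.com"),
                          (None, "x@domain.com")]:
        print(login, sender, "->", check(db, login, sender))
```

The inactive alias old@domain.com returns no owner, so a logged-in user is refused that sender address just like any other address they do not own.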