Miha,
On 2010.09.10. 18:38, Miha Vrhovnik wrote:
> Shouldn't the decision on which domain to sign the message for be taken from the MAIL FROM, or at least the MAIL FROM should equal the From header in the message itself?
>
> I know that the sender (MAIL FROM) can also be faked, but the way I've set up Postfix is that the sender must be a valid alias for a login name, or relaying is denied, so there is no issue with fakes.
Have a look at the authheaders-check-setup-hook.lua script in the
contrib dir. The script only allows SASL-authenticated users to sign
outgoing mails. The envelope sender and From header have to match the
SASL username, otherwise the mail is rejected. The script also checks
for valid aliases (MySQL alias table is implemented), so you are still
allowed to use those as sender addresses as long as they point to your
mailbox (which I think you already solved in Postfix).
BR,
Jos
Received on Fri Sep 10 2010 - 17:15:41 PST
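
The policy described in the reply above, written out as an added Python example; it is not the contrib Lua script and not part of the original thread. It assumes the SASL login is the full mailbox address, that unauthenticated mail is passed through unsigned, and that the signing domain is taken from the From header; the alias table and the function names are constructed for illustration.

```python
from email.utils import getaddresses

# Constructed alias table standing in for the MySQL alias lookup:
# alias address -> mailbox (SASL login) that owns it.
ALIASES = {
    "sales@example.org": "alice@example.org",
    "postmaster@example.org": "bob@example.org",
}

def normalize(addr):
    """Lower-case an address and strip angle brackets and whitespace."""
    return addr.strip().strip("<>").lower()

def owner_of(addr, aliases):
    """Resolve an address to the mailbox that owns it (itself if not an alias)."""
    addr = normalize(addr)
    return aliases.get(addr, addr)

def signing_decision(sasl_user, mail_from, from_header, aliases=ALIASES):
    """Return ('sign', domain), ('reject', reason) or ('skip', reason)."""
    if not sasl_user:
        # Assumption: mail without SASL authentication is left unsigned.
        return ("skip", "not SASL authenticated")
    login = normalize(sasl_user)
    # Parse the header instead of string-matching it: the display name can
    # itself contain an address that differs from the real one.
    parsed = [a for _, a in getaddresses([from_header]) if a]
    if len(parsed) != 1:
        return ("reject", "From header must carry exactly one address")
    header_from = normalize(parsed[0])
    if owner_of(mail_from, aliases) != login:
        return ("reject", "envelope sender does not belong to " + login)
    if owner_of(header_from, aliases) != login:
        return ("reject", "From header does not belong to " + login)
    # Assumption: sign for the domain of the (now verified) From address.
    return ("sign", header_from.rpartition("@")[2])

if __name__ == "__main__":
    print(signing_decision("alice@example.org", "<sales@example.org>",
                           "Sales Desk <sales@example.org>"))
    print(signing_decision("alice@example.org", "alice@example.org",
                           '"alice@example.org" <mallory@example.net>'))
```
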