Check authenticated user/identity before sending


(Davide Principi) #44

No way for stunnel to localhost!

TLS is required to protect the clear text password exchange from the client to the server side.

If both sides are bound to tls is not required anymore.

Slapd can be configured for both cases. I’d expect Postfix allows the same.

(Davide Principi) #45

One possible solution could be defining a dedicated smtpd instance listening on (or another local ip?) with a specific option that allows clear text password exchange.

(Stéphane de Labrusse) #46

you stated this :smiley:

we could think for this later, I would like to start a P.O.C with a table with user account (address email with also pseudonym). We could have workable remote smtp, webtop5 and roundcubemail

What do you think ?

(Davide Principi) #47

Ok let’s see a working prototype configuration for roundcube and postfix

(Mark Verlinde) #48

Sorry it took a while, this is not my territory of expertise.

found this which en-lighted me:

I tend to agree with this, although i see the problem it’s hard to implement without breaking clients by closing one of the default smtp-ports (ie 25, 465, 587) with the firewall.

What about an extra custom port for postfix (ie 4465 ??) with localhost access restriction for PLAIN text login / auth ?

(Stéphane de Labrusse) #49

yes it is probably the only good solution, get another smtp service running on localhost with authentication but without TLS

I am not too much concerned now, this will be optional so we have time to think for it after

(Mark Verlinde) #50

I not sure if another smtpd is a needed; just an extra listing port. Set the global setting to may (smtpd_tls_security_level=may) but enforce it on the default ports. restrict acces to the customport to but do not enforce tls.

Pseudo config:

25      inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=yes
  -o smtpd_sasl_auth_enable=yes
4465    inet  n       -       -       -       -       smtpd
  -o  mynetworks=
  -o smtpd_tls_security_level=may

(Stéphane de Labrusse) #51

second PR, we are coming

(Davide Principi) #52

I installed the PR RPM and I come with some questions

  1. what is the expected behavior of a shared mailbox? If I can read (and modify?) a shared mailbox content, should I be allowed to send a message with its email address? For instance

    user: first.user, member of grp1
    shared mailbox: shmbx1, shared with grp1, email alias

  2. what is the expected behavior of an alias address with multiple recipients? Should be the recipients allowed to send a message with the alias? For instance

    given email alias address expanded to,,
    can second.user set as message sender?

my /etc/postfix/login_maps expanded
# fully qualified aliases (address@domain)		admin,,		vmail+shmbx2,vmail+shmbx2,
# generic aliases expansion (address@)		admin,,		admin,,		user.external,,		user.external,,		vmail+shmbx2,vmail+shmbx2,		vmail+shmbx2,vmail+shmbx2,		root,root,		root,root,		vmail+shmbx1,vmail+shmbx1,		vmail+shmbx1,vmail+shmbx1,

@stephdl, my proposal for the implementation is

  • treat shared mailbox as “receive-only” address: we can’t obtain the group members list dynamically (so question 1: no)
  • to consider only Account= values with a @domain suffix matching the machine domain. Other entries seem redundant (so question 2: yes)
  • the values have to be list both with and without the @domain suffix (as from your PR)

(Stéphane de Labrusse) #53

Actually this is what I did

  • alias of an email : (first email) can send with if we set this email as its alias, or any domain of the server if the alias exists for each domain.

  • alias for group of people
    lets set (or group@) of three users, user1 user2 user3 for one domain or each domain of the server. Each member of this group can send with its email and the identity, (if exists on the server).

Obviously when the sender identity is enabled, you cannot anymore use an identity which is not relevant of /etc/postfix/login_maps and /etc/postfix/login_maps.pcre

For the sharedmailbox, I thought first that it is to receive email, and I did nothing, I probably missed to make a logic to exclude them of /etc/postfix/login_maps, even if it should not hurt.

To @all, do you see some missing feature for you, @saitobenkei what do you need more ?

(Stéphane de Labrusse) #54

On testing :doughnut::cookie::birthday::cake::cupcake::pie::chocolate_bar::candy::lollipop::ice_cream::shaved_ice::icecream::takeout_box:

my PR is accepted :slight_smile:

(Davide Principi) split this topic #55

A post was split to a new topic: Enable SMTP Login/Sender address validation