Thanks to @stephdl it is now possible to Check authenticated user/identity before sending ¹: current SMTP/AUTH login name must be authorized to use a sender address.
Imagine that we have the user joe and the account domain example.com. The following rules apply:
User joe can write as joe@example.com
If joe is listed as recipient in the email alias sales@example.com he can also send messages as sales@example.com
Similarly, if joe is recipient for email alias joe.brown@aliasdomain.com he can set that address as sender
Any other sender address is forbidden for user joe. Hence shared mailbox permissions do not affect sender address authorization.
To enforce the rules above, enable the e-smith SenderValidation prop in the postfix key ²:
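The three rules above, modelled as an added example that is not part of the original post and not NethServer's own code. The second user `ann`, the `info@` and `support@` addresses, and all function names are hypothetical. It assumes the SMTP/AUTH login is the short user name.

```python
"""Model of the sender-address rules from the post (constructed data)."""

# Constructed sample data, reusing the names from the post.
ACCOUNT_DOMAIN = "example.com"
USERS = {"joe", "ann"}                       # "ann" is a hypothetical second user
ALIASES = {                                  # alias address -> recipient users
    "sales@example.com": {"joe", "ann"},
    "joe.brown@aliasdomain.com": {"joe"},
    "info@example.com": {"ann"},
}
# Shared mailbox ACLs exist but are deliberately never consulted below,
# because the post says they do not affect sender authorization.
SHARED_MAILBOX_ACL = {"support@example.com": {"joe"}}


def normalize(address):
    """Lower-case and strip an address; return None if it is not user@domain."""
    address = address.strip().lower()
    local, sep, domain = address.partition("@")
    if not sep or not local or not domain or "@" in domain:
        return None
    return address


def build_sender_map(users, aliases, domain):
    """Return {sender address: set of logins allowed to use it}."""
    table = {}
    for user in users:
        # Rule 1: every user owns user@<account domain>.
        table.setdefault(f"{user}@{domain}".lower(), set()).add(user)
    for alias, recipients in aliases.items():
        # Rules 2 and 3: alias recipients may send as the alias address.
        table.setdefault(alias.lower(), set()).update(recipients & set(users))
    return table


def sender_allowed(login, mail_from, table):
    """True only if the authenticated login owns the MAIL FROM address."""
    address = normalize(mail_from)
    if address is None:
        return False            # malformed sender: fail closed
    return login in table.get(address, set())


SENDER_MAP = build_sender_map(USERS, ALIASES, ACCOUNT_DOMAIN)
```
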
Yes, as said in the 2nd point: If joe is listed as recipient in the email alias…
About groups: apart from IMAP ACLs, they are not related to the mail server configuration.
The setting is a system-wide configuration switch: once enabled it affects all the users. It could be possible to implement individual user policies with a template-custom.
In my mind, a useful user-related option could be the override of the address validation.
A sysadmin could configure any MFP with only one SMTP account but multiple senders and recipients for SMTP-delivered scans.
I also guess that this could become quite a nightmare as an implementation.
What happens to the ‘mail address’ that is used for, for example, system update notifications? Or backup status notifications?
For example, when the backup status notification is sent by a non-existent (alias) email address, it is sent now anyway. If I activate this feature, would that stop sending those notification mails?
Second: IF the notification mails are stopped because of this and I still wanted to use that mail address for notifications, to what account should the alias be added? (AFAIK the accounts listed are not local accounts, but account provider accounts… is this a problem?)