Thanks to @stephdl it is now possible to Check authenticated user/identity before sending ¹: current SMTP/AUTH login name must be authorized to use a sender address.
Imagine that we have the user joe and the account domain example.com. The following rules apply:
- joe can write as
- If joe is listed as recipient in the email alias firstname.lastname@example.org he can also send messages as
- Similarly, if joe is recipient for email alias email@example.com he can set that address as sender
- Any other sender address is forbidden for user joe. Hence shared mailbox permissions do not affect sender address authorization
To enforce the rules above, enable the e-smith SenderValidation prop in postfix key ²:
# config setprop postfix SenderValidation enabled
# signal-event nethserver-mail-server-update
To enable authenticated submission on WebTop, execute the commands documented here: http://docs.nethserver.org/en/v7/webtop5.html#smtp-setting
DISCLAIMER: as the rule list could be subject to changes, please consider this #howto as alpha!
- Check authenticated user/identity before sending
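The rules listed above, modelled as an added example that is not part of the original post and not NethServer's own code: it builds a sender-address-to-logins table from an alias list and checks a login against it. The alias recipients, the user `ann`, and the rule that a user's own address is `<login>@<account domain>` are assumptions; the rendered lines use the "address login1,login2" format that Postfix `smtpd_sender_login_maps` lookup tables accept.

```python
# Added illustration: models the sender-authorization rules from the post.
# All data below is constructed sample input, not NethServer configuration.

DOMAIN = "example.com"  # account domain used in the post

# alias address -> logins listed as recipients (constructed)
ALIASES = {
    "firstname.lastname@example.org": ["joe"],
    "email@example.com": ["joe", "ann"],
    "sales@example.com": ["ann"],
}


def build_sender_login_map(users, aliases, domain=DOMAIN):
    """Return {sender address: set of logins allowed to use it}."""
    table = {}
    for user in users:
        # Assumption: a user's own address is <login>@<account domain>.
        table.setdefault(f"{user}@{domain}".lower(), set()).add(user.lower())
    for alias, recipients in aliases.items():
        for login in recipients:
            table.setdefault(alias.lower(), set()).add(login.lower())
    return table


def sender_allowed(table, login, sender, domain=DOMAIN):
    """True if the authenticated login may use `sender` as sender address."""
    # Accept both "joe" and "joe@example.com" as the SMTP AUTH login name.
    login = login.lower()
    suffix = "@" + domain
    if login.endswith(suffix):
        login = login[: -len(suffix)]
    # Anything not in the table is forbidden, including addresses the user
    # can only reach through shared mailbox permissions.
    return login in table.get(sender.strip().lower(), set())


def to_postfix_map(table):
    """Render the table as 'address login1,login2' lines."""
    return "\n".join(f"{addr} {','.join(sorted(logins))}"
                     for addr, logins in sorted(table.items()))


if __name__ == "__main__":
    t = build_sender_login_map(["joe", "ann"], ALIASES)
    print(to_postfix_map(t))
    print(sender_allowed(t, "joe", "sales@example.com"))
```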
Yes, as said in the 2nd point: If joe is listed as recipient in the email alias…
About groups: apart from IMAP ACLs, they are not related to the mail server configuration.
The setting is a system-wide configuration switch: once enabled it affects all the users. It could be possible to implement individual user policies with a template-custom.
In my mind, a user-related useful option could be the override of the address validation.
A sysadmin could configure any MFP with only one SMTP account but multiple senders and recipients for SMTP-delivered scans.
I also guess that this could become quite a nightmare as an implementation.
What happens to the ‘mail address’ that is used for, for example, system update notifications? Or backup status notifications?
For example, when the backup status notification is sent by a non-existent (alias) email address, it is sent now anyway. If I activate this feature, would that stop sending those notification mails?
Second: if the notification mails are stopped because of this and I still wanted to use that mail address for notifications, to what account should the alias be added? (AFAIK the accounts listed are not local accounts, but accountprovider accounts… is this a problem?)