[postifx] Relay from addresses found in the address book.
authorJakub Czajka <jakub@ekhem.eu.org>
Sun, 13 Nov 2022 21:21:33 +0000 (22:21 +0100)
committerJakub Czajka <jakub@ekhem.eu.org>
Sun, 3 Dec 2023 17:00:57 +0000 (18:00 +0100)
This commit allows sending email only from email addresses (MAIL FROM)
present in the address book.

postfix/README
postfix/address_book.cf [new file with mode: 0644]
postfix/main.cf
postfix/master.cf
postgres/pg_hba.conf

index 2b972adcb4161190ea5e8b494daacc2249a879e9..ae1d9991e0f634ce9a25faa02cd607018ae4c58b 100644 (file)
@@ -12,8 +12,9 @@ server. Only root should have write permissions to these files.
 
 postfix
 |
-|-> main.cf   -- /etc/postfix/ :: configuration parameters
-`-> master.cf -- /etc/postfix/ :: postfix daemon
+|-> main.cf         -- /etc/postfix/ :: configuration parameters
+|-> master.cf       -- /etc/postfix/ :: postfix daemon
+`-> address_book.cf -- /etc/postfix/ :: FROM query
 
 Install
 -------
diff --git a/postfix/address_book.cf b/postfix/address_book.cf
new file mode 100644 (file)
index 0000000..cd327d4
--- /dev/null
@@ -0,0 +1,8 @@
+user = dovecot
+password =
+
+dbname = mail_db
+
+query = SELECT CONCAT(username, '@', domain)
+        FROM users
+        WHERE CONCAT(username, '@', domain) = '%s'
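Review bot: The query returns the sender address itself, but `smtpd_sender_login_maps` treats the lookup result as the SASL login name that owns that address, so `reject_sender_login_mismatch` only passes when the Dovecot login is the full `username@domain` string. Dovecot's auth configuration is not visible in this commit; if logins are bare usernames, authenticated senders would be rejected, and an account can never own a second address. I would state that assumption in the file with `# Result must equal the SASL login name (the full address); the %s key is SQL-quoted by Postfix.` The `WHERE` clause could also use the split-key expansions, `WHERE username = '%u' AND domain = '%d'`, which avoids evaluating `CONCAT` over every row of `users`.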
index e6d6217e3900b50fbac1907dfaf214e37ee38180..6c16a376abbe1fb71c9cb0114b1ad8a8e524c9fb 100644 (file)
@@ -43,6 +43,11 @@ smtpd_sasl_auth_enable = yes
 smtpd_sasl_path = private/auth
 smtpd_sasl_security_options = noactive, noanonymous, nodictionary
 smtpd_sasl_type = dovecot
+## Possible MAIL FROM addresses.
+smtpd_sender_login_maps = pgsql:/etc/postfix/address_book.cf
+## Restrictions on MAIL FROM.
+smtpd_sender_restrictions = reject_non_fqdn_sender,
+  reject_sender_login_mismatch, reject_unknown_sender_domain
 ## Authenticate RCPT TO address.
 smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination
 
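Review bot: Setting `smtpd_sender_restrictions` in main.cf applies `reject_sender_login_mismatch` to every smtpd listener, not only `submission`, so the port-25 `smtp` service (which shows no override in the visible master.cf lines) now queries `pgsql:/etc/postfix/address_book.cf` for each unauthenticated inbound MAIL FROM. That gives anti-spoofing for local addresses, but it also ties inbound delivery to PostgreSQL being reachable, since a failed table lookup normally ends in a temporary reject; if that coupling is intended, it is worth saying so in the comment. The comment `## Possible MAIL FROM addresses.` undersells what the map does; I would write `## Maps each MAIL FROM address to the SASL login allowed to use it.`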
index 3f71c94a5b8663e5db4f9cabd0a844755f5045b1..e59f0de47cc6b80fd4e5111ac8bbb001ae1a4c47 100644 (file)
@@ -15,7 +15,6 @@ smtp       inet  n       -       y       -       -       smtpd
 #dnsblog   unix  -       -       y       -       0       dnsblog
 #tlsproxy  unix  -       -       y       -       0       tlsproxy
 submission inet  n       -       y       -       -       smtpd
-  -o smtpd_sender_restrictions=reject_sender_login_mismatch
   -o smtpd_helo_restrictions=$mua_helo_restrictions
   -o milter_macro_daemon_name=ORIGINATING
 #smtps     inet  n       -       y       -       -       smtpd
index 87c9bb7ba5795d5dea74bee3f8cabe11c10507e7..2b6bc56418d8d47304fb35d105c9ea3deb12edcb 100644 (file)
@@ -91,6 +91,7 @@ local   all             postgres                                peer
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 
 local   mail_db         dovecot                                 trust
+host    mail_db         dovecot         ::1/128                 trust
 host    mail_db         dkim            ::1/128                 trust
 # "local" is for Unix domain socket connections only
 local   all             all                                     peer
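Review bot: The added `host mail_db dovecot ::1/128 trust` line lets any local account or compromised service that can open a TCP connection to ::1 connect to `mail_db` as `dovecot` with no credential, and the empty `password =` in postfix/address_book.cf depends on exactly that. What the role can then read or change depends on grants not shown here, but the database evidently holds the `users` table used for mail authentication. I would require a password on the loopback line, `host mail_db dovecot ::1/128 scram-sha-256`, set `password` in address_book.cf, and tighten that file from mode 0644 so the secret is readable only by root and the postfix group. The existing `dkim` line has the same exposure.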