One of the problems I’ve encountered is that my web application needs to be able to send email on behalf of other users. Of course we don’t want to allow any arbitrary user to spoof another user’s account, but I believe that admin accounts, at least, should have this privilege.
I was able to make this happen by modifying the query in /etc/postfix/sender-login-maps.cf:
SELECT permitted_senders
FROM (
SELECT permitted_senders
FROM (
SELECT permitted_senders, 0 AS priority
FROM aliases
WHERE source='%s'
AND permitted_senders IS NULL
UNION
SELECT email as permitted_senders, 2 AS priority
FROM users
WHERE email='%s'
)
ORDER BY priority LIMIT 1
)
UNION
SELECT email as permitted_senders
FROM users
WHERE privileges="admin"
AND SUBSTR(email, INSTR(email, '@') + 1) = SUBSTR('%s', INSTR('%s', '@') + 1);
You will of course need to restart Postfix after making configuration changes: sudo /etc/init.d/postfix restart
The “nice” way to do this is to not try to impersonate other users in the envelope address but just set From: or Reply-To: (and possibly then Sender:) headers as needed (which are not validated).
Yes, that is the problem - by default, Postfix will reject messages where Sender and From do not match.
You can, as @bronson points out, disable this completely by removing reject_authenticated_sender_login_mismatch from the configuration file. However, this is a bad idea as a global policy, because it makes it easier for compromised accounts to be used as spam relays.
My proposal is a compromise, and allows “admin” accounts to mix-and-match Sender and From, but not standard user accounts.
No, it compares the login to the envelope address (also known as the return path). This is different from the From header. The From header is not checked.
Hmm, then maybe my mail library (PHPMailer) is changing both the From and Return-Path headers when I set the From property? Postfix is definitely rejecting mails when I set From differently from my login. I’ll have to look into it and see if PHPMailer is doing something funky.