One of the problems I’ve encountered is that my web application needs to be able to send email on behalf of other users. Of course we don’t want to allow any arbitrary user to spoof another user’s account, but I believe that admin accounts, at least, should have this privilege.
I was able to make this happen by modifying the query in `/etc/postfix/sender-login-maps.cf`:

```sql
SELECT permitted_senders, 0 AS priority
AND permitted_senders IS NULL
SELECT email as permitted_senders, 2 AS priority
ORDER BY priority LIMIT 1
SELECT email as permitted_senders
AND SUBSTR(email, INSTR(email, '@') + 1) = SUBSTR('%s', INSTR('%s', '@') + 1);
```
You will of course need to restart Postfix after making configuration changes: `sudo /etc/init.d/postfix restart`
Yes, that is the problem - by default, Postfix will reject messages where Sender and From do not match.
You can, as @bronson points out, disable this completely by removing reject_authenticated_sender_login_mismatch from the configuration file. However, this is a bad idea as a global policy, because it makes it easier for compromised accounts to be used as spam relays.
My proposal is a compromise, and allows “admin” accounts to mix-and-match Sender and From, but not standard user accounts.
Hmm, then maybe my mail library (PHPMailer) is changing both the From and Return-Path headers when I set the From property? Postfix is definitely rejecting mails when I set From differently from my login. I’ll have to look into it and see if PHPMailer is doing something funky.
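
The policy proposed in this thread (admin accounts may send as other addresses in their own domain, standard accounts only as themselves) can be checked offline before touching Postfix. This is an added example, not code from the thread: the `users` table, the `is_admin` column and the sample rows are constructed assumptions, and only the `SUBSTR`/`INSTR` domain comparison is taken from the query above.

```python
import sqlite3

# Constructed sample data. The table name `users` and the `is_admin` column
# are assumptions for this example, not the schema behind the page's query.
SCHEMA = """
CREATE TABLE users (email TEXT PRIMARY KEY, is_admin INTEGER NOT NULL DEFAULT 0);
INSERT INTO users VALUES
  ('admin@example.com', 1), ('alice@example.com', 0),
  ('bob@example.com', 0), ('carol@example.org', 0);
"""

# Logins allowed to use :sender. Postfix would substitute the sender address
# for %s; a bound parameter is used here instead of string formatting.
QUERY = """
SELECT email AS permitted_senders FROM users WHERE email = :sender
UNION
SELECT email AS permitted_senders FROM users
 WHERE is_admin = 1
   AND SUBSTR(email, INSTR(email, '@') + 1)
     = SUBSTR(:sender, INSTR(:sender, '@') + 1)
"""

def make_db():
    """Build the in-memory database holding the constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def permitted_logins(db, sender):
    """Return the set of logins the query permits for this sender address."""
    return {row[0] for row in db.execute(QUERY, {"sender": sender.lower()})}

def may_send(db, login, sender):
    """Model of the login/sender check: is `login` listed for `sender`?"""
    # With no '@', INSTR() returns 0 and SUBSTR(x, 1) is the whole string, so
    # a bare "example.com" would equal the admin's domain. Refuse such input.
    if sender.count("@") != 1:
        return False
    return login.lower() in permitted_logins(db, sender)

if __name__ == "__main__":
    db = make_db()
    for login, sender in [("alice@example.com", "bob@example.com"),
                          ("admin@example.com", "bob@example.com"),
                          ("admin@example.com", "carol@example.org")]:
        print(f"{login} as {sender}: {may_send(db, login, sender)}")
```

The domain comparison alone accepts a sender with no `@` for the admin account, which is why `may_send` validates the address before consulting the query.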