How do you implement your User Policy

my Postfix server need to be hardened, I want add protection against spoofing user login via “From” header. I found your product, and in your Security Guide found something that perfectly fit to my needs:

While domain policy records prevent other servers from sending mail with a “From:” header that matches a domain hosted on the box (see above), those policy records do not guarnatee that the user portion of the sender email address matches the actual sender. In enterprise environments where the box may host the mail of untrusted users, it is important to guard against users impersonating other users.

The box restricts the envelope sender address (also called the return path or MAIL FROM address — this is different from the “From:” header) that users may put into outbound mail. The envelope sender address must be either their own email address (their SMTP login username) or any alias that they are listed as a permitted sender of. (There is currently no restriction on the contents of the “From:” header.)

Can you tell me how should I configure Postfix server to get this level of protection (matching full email address, not only domain part)?
Thanks for your help!

I’d start here:


This is for Zimbra, but it is about postfix: (This might not be what you need, but could possibly help point you in the right direction.