Clarification on Postfix-SASL-auth

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Clarification on Postfix-SASL-auth

Anant Athavale
Dear all,

We want to implement postfix-sasl-auth for enabling our users to send  
mails from Internet.  We want to use LDAP for authentication.  I read  
that, it is possible to implement LDAP for authentication.

But, Mail clients like Outlook express also allow one to set a from  
address. This may allow Mail spoofing.  Is there a way in Postfix  
which will make sure that, only the authenticated username is sent in  
 From id?

Regards,
ANANT.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Reply | Threaded
Open this post in threaded view
|

Re: Clarification on Postfix-SASL-auth

Patrick Ben Koetter
* [hidden email] <[hidden email]>:
> Dear all,
>
> We want to implement postfix-sasl-auth for enabling our users to send  
> mails from Internet.  We want to use LDAP for authentication.  I read  
> that, it is possible to implement LDAP for authentication.

Use the ldapdb auxprop plugin for that.

>
> But, Mail clients like Outlook express also allow one to set a from  
> address. This may allow Mail spoofing.  Is there a way in Postfix which
> will make sure that, only the authenticated username is sent in From id?

Yes, this is possible. Read into these parameters:

smtpd_sender_login_maps
reject_authenticated_sender_login_mismatch
reject_unauthenticated_sender_login_mismatch
reject_sender_login_mismatch


p@rick

>
> Regards,
> ANANT.
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
Reply | Threaded
Open this post in threaded view
|

Re: Clarification on Postfix-SASL-auth

Anant Athavale
Dear Patrick Ben Koetter,

Thanks for the positive reply. I have gone through step-by-step  
documentation on setting up Postfix-SASL-auth.  Will start testing  
from today and let you know the feedback.

Regards,
ANANT.


Quoting "Patrick Ben Koetter" <[hidden email]>:

> * [hidden email] <[hidden email]>:
>> Dear all,
>>
>> We want to implement postfix-sasl-auth for enabling our users to send
>> mails from Internet.  We want to use LDAP for authentication.  I read
>> that, it is possible to implement LDAP for authentication.
>
> Use the ldapdb auxprop plugin for that.
>
>>
>> But, Mail clients like Outlook express also allow one to set a from
>> address. This may allow Mail spoofing.  Is there a way in Postfix which
>> will make sure that, only the authenticated username is sent in From id?
>
> Yes, this is possible. Read into these parameters:
>
> smtpd_sender_login_maps
> reject_authenticated_sender_login_mismatch
> reject_unauthenticated_sender_login_mismatch
> reject_sender_login_mismatch
>
>
> p@rick
>
>>
>> Regards,
>> ANANT.
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>>
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.