Feature Request

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Feature Request

Yukthi Systems
​Hi,

 We are trying to restrict the users from editing their email id when
sent through their email client, we are already using the sender login
maps but still the end users sending from email clients are able to edit
the from header, is there a way to overcome this.

Regards
Yukthi​

Reply | Threaded
Open this post in threaded view
|

Re: Feature Request

Viktor Dukhovni

> On May 3, 2017, at 10:37 AM, Yukthi Systems <[hidden email]> wrote:
>
>  We are trying to restrict the users from editing their email id when
> sent through their email client, we are already using the sender login
> maps but still the end users sending from email clients are able to edit
> the from header, is there a way to overcome this.

You could try (in the port 587 MSA) implement an access(5) action that
prepends a header:

        check_sender_access pcre:${config_directory}/sender_acl.pcre

   sender_acl.pcre:
        /(.*)/ PREPEND X-Submission-From: $1

With that, and only for the submission service via a custom cleanup(8)
instance (-o cleanup_service_name=...) use header_checks(5) to replace
the From: header:

        /^From/ IGNORE
        /^X-Submission-(From:.*)/ REPLACE $1

This will not populate the "From:" header with a "display name", it will
have just the sender address, and may not work correctly if the address
requires "quoting", because the input to access(5) is in "unquoted"
form IIRC.  This is also not tested, I may have forgotten some essential
detail that makes this impractical.

--
        Viktor.