postfix: require that login matches envelope FROM

Testing that envelope FROM matches From: header already happens in filtermail and tested with `test_reject_forged_from`. The most important part here is `reject_sender_login_mismatch` check documented in <https://www.postfix.org/postconf.5.html#reject_sender_login_mismatch>.
2024-01-24 18:59:51 +00:00 · 2024-01-24 18:59:51 +00:00 · ea36e73b8e
commit ea36e73b8e
parent da268b57d4
2 changed files with 16 additions and 0 deletions
--- a/cmdeploy/src/cmdeploy/postfix/main.cf.j2
+++ b/cmdeploy/src/cmdeploy/postfix/main.cf.j2
@ -45,3 +45,7 @@ inet_protocols = all

 virtual_transport = lmtp:unix:private/dovecot-lmtp
 virtual_mailbox_domains = {{ config.mail_domain }}
+
+mua_client_restrictions = permit_sasl_authenticated, reject
+mua_sender_restrictions = reject_sender_login_mismatch, permit_sasl_authenticated, reject
+mua_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit
--- a/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py
+++ b/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py
@ -42,6 +42,18 @@ def test_reject_forged_from(cmsetup, maildata, gencreds, lp, forgeaddr):
    assert "500" in str(e.value)


+def test_authenticated_from(cmsetup, maildata):
+    """Test that envelope FROM must be the same as login."""
+    user1, user2, user3 = cmsetup.gen_users(3)
+
+    msg = maildata("encrypted.eml", from_addr=user2.addr, to_addr=user3.addr)
+    with pytest.raises(smtplib.SMTPException) as e:
+        user1.smtp.sendmail(
+            from_addr=user2.addr, to_addrs=[user3.addr], msg=msg.as_string()
+        )
+    assert e.value.recipients[user3.addr][0] == 553
+
+
@pytest.mark.parametrize("from_addr", ["fake@example.org", "fake@testrun.org"])
 def test_reject_missing_dkim(cmsetup, maildata, from_addr):
    """Test that emails with missing or wrong DMARC, DKIM, and SPF entries are rejected."""