By default, Postfix allows sending as another user when logged in, even non-existent ones.
To reproduce:
I have postfix running with STARTTLS and authentication enabled.
Connect to the MTA with openssl s_client -starttls smtp -connect server.com:587 -crlf
Authenticate using credentials in BASE64, receiving 235 2.7.0 Authentication successful
Now, I am allowed to set MAIL FROM:<somebody@server.com> and send the mail to a domain, such as server.com itself. Meaning users can spoof themselves as other users.
Is this expected behavior? I'm aware that DKIM and SPF should block mails from another domain, but one can still only fake their username.
How can I configure Postfix to only allow sending mail as the user logged in?
I found it. Configure these settings in either the main.cf or master.cf to make it work:
smtpd_recipient_restrictions = reject_sender_login_mismatch,permit_sasl_authenticated
Description taken from the dev site.
"Optional restrictions that the Postfix SMTP server applies in the context of a client MAIL FROM command. See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access restriction lists" for a discussion of evaluation context and time. The default is to permit everything."
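As an added example (not part of the original post or of Postfix itself), the script below audits `postconf -n` style output for the setting above: it checks that a sender/login mismatch restriction is reachable before any permit that would end the list for a logged-in client, and that smtpd_sender_login_maps, the table the restriction consults for address owners, is set. The sample outputs and the map path are constructed, and master.cf `-o` overrides are not examined.

```python
import re

# Restrictions that bind MAIL FROM to the SASL login via smtpd_sender_login_maps.
MISMATCH_CHECKS = {"reject_sender_login_mismatch",
                   "reject_authenticated_sender_login_mismatch"}
# Items that can end a list with "permit" for a logged-in client before later
# items are evaluated (permit_mynetworks is included conservatively).
SHORT_CIRCUIT = {"permit", "permit_sasl_authenticated", "permit_mynetworks"}
LISTS = ("smtpd_client_restrictions", "smtpd_helo_restrictions",
         "smtpd_sender_restrictions", "smtpd_relay_restrictions",
         "smtpd_recipient_restrictions")

def parse_postconf(text):
    """Parse 'name = value' lines as printed by `postconf -n`."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit_sender_binding(text):
    """Return findings; an empty list means the mismatch check is reachable."""
    params = parse_postconf(text)
    findings = []
    if not params.get("smtpd_sender_login_maps"):
        findings.append("smtpd_sender_login_maps is empty: no address owners defined")
    reachable = False
    for name in LISTS:
        items = [i for i in re.split(r"[,\s]+", params.get(name, "")) if i]
        for pos, item in enumerate(items):
            if item in MISMATCH_CHECKS:
                reachable = True
                break
            if item in SHORT_CIRCUIT:
                if MISMATCH_CHECKS & set(items[pos + 1:]):
                    findings.append(f"{name}: {item} precedes the mismatch check")
                break
    if not reachable:
        findings.append("no reachable sender/login mismatch restriction")
    return findings

# Constructed samples; the map path is an assumed placeholder.
RULE = "smtpd_recipient_restrictions = reject_sender_login_mismatch,permit_sasl_authenticated\n"
MAPS = "smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps\n"
GOOD = MAPS + RULE
NO_MAPS = RULE
SHADOWED = MAPS + ("smtpd_recipient_restrictions = "
                   "permit_sasl_authenticated, reject_sender_login_mismatch\n")

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("no maps", NO_MAPS), ("shadowed", SHADOWED)):
        print(label, audit_sender_binding(sample))
```

On a live host the input would be the output of `postconf -n`; an empty result only says the restriction is configured and reachable, not that every address in the map has the right owner.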