71 lines
3.5 KiB
HTML
71 lines
3.5 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>Allow certain users to send email as another user</title>
|
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<div id="navigation">
|
|
<a href="https://www.iredmail.org" target="_blank">
|
|
<img alt="iRedMail web site"
|
|
src="./images/logo-iredmail.png"
|
|
style="vertical-align: middle; height: 30px;"
|
|
/>
|
|
<span>iRedMail</span>
|
|
</a>
|
|
// <a href="./index.html">Document Index</a></div><div class="admonition note">
|
|
<p class="admonition-title">This tutorial is available in other languages. <a href="https://github.com/iredmail/docs">Help translate more</a></p>
|
|
<p><a href="./allow.certain.users.to.send.email.as.different.user-it_IT.html">Italiano</a> /</p>
|
|
</div>
|
|
<h1 id="allow-certain-users-to-send-email-as-another-user">Allow certain users to send email as another user</h1>
|
|
<p>iRedMail configures Postfix to reject the request when sender specifies an
|
|
owner for the MAIL FROM address (<code>From:</code> header), but the client is not (SASL)
|
|
logged in as that MAIL FROM address owner; or when the client is (SASL) logged
|
|
in, but the client login name doesn't own the MAIL FROM address.</p>
|
|
<p>Sometimes we do need to send email as another user, this tutorial describes
|
|
how to allow certain users to do this with iRedAPD plugin
|
|
<code>reject_sender_login_mismatch</code>.</p>
|
|
<ul>
|
|
<li>
|
|
<p>Remove <code>reject_sender_login_mismatch</code> restriction rule in Postfix
|
|
setting <code>smtpd_sender_restrictions</code> (<code>/etc/postfix/main.cf</code>). Out iRedAPD
|
|
plugin will do the same restriction for you.</p>
|
|
<p>After removed <code>reject_sender_login_mismatch</code>, Postfix setting looks like
|
|
below:</p>
|
|
</li>
|
|
</ul>
|
|
<pre><code>smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Enable plugin <code>reject_sender_login_mismatch</code> in iRedAPD config file
|
|
<code>/opt/iredapd/settings.py</code>:</li>
|
|
</ul>
|
|
<pre><code class="python">plugins = ['reject_sender_login_mismatch', ...]
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>List senders who are allowed to send email as different users in iRedAPD
|
|
config file <code>/opt/iredapd/settings.py</code>, in parameter
|
|
<code>ALLOWED_LOGIN_MISMATCH_SENDERS</code>. For example:</li>
|
|
</ul>
|
|
<pre><code class="python">ALLOWED_LOGIN_MISMATCH_SENDERS = ['user1@here.com', 'user2@here.com']
|
|
</code></pre>
|
|
|
|
<pre><code>NOTE: this parameter does not present by default, please add it manually.
|
|
</code></pre>
|
|
<p>Restart iRedAPD service. That's all.</p><div class="footer">
|
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
|
</div>
|
|
<!-- Global site tag (gtag.js) - Google Analytics -->
|
|
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
|
<script>
|
|
window.dataLayer = window.dataLayer || [];
|
|
function gtag(){dataLayer.push(arguments);}
|
|
gtag('js', new Date());
|
|
|
|
gtag('config', 'UA-3293801-21');
|
|
</script>
|
|
</body></html> |