[Solved] Mailu: Allow specific users to send email from any address

Before switching to Mailu I had postfix set up so that my admin user admin@mydomain.dev could impersonate / send email as any other user.

This was extremely useful for sending email programmatically from multiple sources, e.g. from a web app that needs to send email from *@mydomain.dev and several other domains like *@admin.mydomain.dev/*@someotherdomain.dev.

I suspect I can add something into overrides/postfix.conf to get this behavior back, but I'm not sure how to do it since I only want a specific user to be able to impersonate others, not all users. Ideally there would be a UI page to configure the permitted sender addresses for each user, with sqlite-style wildcard support.

smtpd_client_restrictions =
  permit_mynetworks,
  check_sender_access ${podop}senderaccess,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_unverified_recipient,
  permit

smtpd_relay_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination

For now, given I'm the only one using the server and I need this behavior back ASAP, can I just remove the check_sender_access ${podop}senderaccess, line? Or is there a better long-term fix?

I also can't just use RELAYNETS with some whitelisted IPs because the servers doing the sending have dynamic IP addresses that often change; I need it to be whitelisted on a per-user basis, not a per-sender-IP basis.


41 Answers

✔️ Accepted Answer

Hi There,

The Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.

To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who wants to work on them - and which issues may be less important. These less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.

In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the 😃 icon to the top-right).

  • 👍️ if you need this to be able to use Mailu. Ideally, you'd also be able to test this on your installation, and provide feedback …
  • 🎉 if you find it a nice bonus, but no deal-breaker
  • 🚀 if you want to work on it yourself!

We want to keep this voting open for 2 weeks from now, so please help out!

Other Answers:

I figured it out using overrides. For anyone else trying to do this, here's the full config I ended up with. This config will allow a specific authenticated mailu/smtp user admin@mydomain.com to send mail from *@*, and as an example I added a slightly more limited admin@otherdomain.com user that can only send from any *@otherdomain.com address.

data/overrides/postfix.cf:
Beware, this removes most restrictions on allowed sending addresses (do not use with mailservers that have open registration, only use if all your users are trusted / never send spam)

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sender_login_maps = unionmap:{socketmap:unix:/tmp/podop.socket:senderlogin, pcre:/overrides/sender_logins}
sender_dependent_relayhost_maps = texthash:/overrides/relay_hosts
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = texthash:/overrides/sasl_passwd

Note: this used to say pcre:/overrides/sender_logins, socketmap:unix:/tmp/podop.socket:senderlogin but was fixed later.

texthash: is an alternative to hash: used so you don't have to run postmap every time you update them. There's little point in generating hashmaps for 3 line files, and the standard postfix setup already expects these to be stored in root-readable cleartext form next to the hashes anyway. You can also use pcre: instead of texthash: if you want to use regex to match addresses.

data/overrides/sender_logins:
Authorize only the admin@mydomain.com smtp user to send from any address on any domain
Authorize the admin@otherdomain.com user to send from any @otherdomain.com address

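# pcre tables stop at the first matching pattern, so the narrower rule goes first
/^.*@otherdomain\.com$/   admin@otherdomain.com, admin@mydomain.com
/.*/                      admin@mydomain.com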

After setting this up I verified that it works without needing to configure a catchall alias for admin@mydomain.com, and I also verified that the server is not acting as an open relay using a few different mailserver security scanning tools. The major change is that this config no longer restricts sender addresses as thoroughly (e.g. by checking that they're valid public FQDNs that resolve back to the correct ip and are owned by the correct user).

Assuming your users are trusted, the rest of the public-facing security model is relatively unimpacted: the server still requires proper SASL authentication, and users not configured in sender_logins are still restricted to only sending from addresses they own. For users in sender_logins, sender address validation is totally unrestricted; they can even send from invalid addresses like root@localhost or root@12345 (but that's what I was trying to do all along).

(correct me if any of this is wrong though, I probably missed something along the way)


An unrelated optional thing that I ended up needing was the ability to relay some sending addresses through different smtp servers/providers.

You don't need this to use the above config, but you can add it if some of your sending address domains should be sent through a different server. (e.g. if you prefer to use a 3rd party like Mailgun or if spf/dmarc/dkim/mx records only allow sending from a specific server).

data/overrides/relay_hosts:
Relay all email sent from *@yetanotherdomain.com through Mailgun instead, relay *@example.com through mail.example.com, etc.

@yetanotherdomain.com     [smtp.mailgun.org]:587
@somegoogleappsdomain.com [smtp.gmail.com]:587
@example.com              [mail.example.com]:25

data/overrides/sasl_passwd:
credentials to use for remote smtp servers

[mail.example.com]:25 admin@example.com:passwordhere
[smtp.mailgun.org]:587 postmaster@yetanotherdomain.com:mailgunpasswordhere
[smtp.gmail.com]:587 username@gmail.com:passwordhere
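
Added example (not part of the original answer and not Mailu code): a Python model of how a sender_logins lookup like the one above resolves, assuming Postfix's documented pcre-table rule that the first matching pattern wins and that unionmap joins the results of both tables. Python's `re` stands in for PCRE; the sample table is constructed, and the function names and the `owners` argument (standing in for the senderlogin socketmap answer) are hypothetical.

```python
import re

# Constructed sample in pcre_table(5) form: /pattern/ login[, login...]
SENDER_LOGINS = r"""
/^.*@otherdomain\.com$/   admin@otherdomain.com, admin@mydomain.com
/.*/                      admin@mydomain.com
"""

def parse_table(text):
    """Return [(compiled_pattern, [logins])] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/\s+(.+)$", line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        # Postfix pcre tables match case-insensitively by default.
        logins = re.split(r"[,\s]+", m.group(2).strip())
        rules.append((re.compile(m.group(1), re.I), logins))
    return rules

def allowed_logins(rules, sender, owners=()):
    """SASL logins that may use `sender` as the envelope sender.
    owners: assumed socketmap answer, joined (unionmap) with the pcre result."""
    logins = list(owners)
    for pattern, result in rules:
        if pattern.search(sender):
            logins.extend(result)
            break  # later rules are never consulted
    return logins

def may_send(rules, login, sender, owners=()):
    return login in allowed_logins(rules, sender, owners)

def catch_all_logins(rules, probe="probe@unrelated.invalid"):
    """Logins named by any rule that matches an unrelated sender address."""
    return sorted({l for pattern, res in rules if pattern.search(probe) for l in res})

if __name__ == "__main__":
    rules = parse_table(SENDER_LOGINS)
    for login, sender in [("admin@mydomain.com", "root@localhost"),
                          ("admin@otherdomain.com", "billing@otherdomain.com"),
                          ("admin@otherdomain.com", "ceo@mydomain.com")]:
        print(f"{login} as {sender}: {may_send(rules, login, sender)}")
    print("unrestricted logins:", catch_all_logins(rules))
```

On a running server, `postmap -q "billing@otherdomain.com" pcre:/overrides/sender_logins` queries the real table and is the authoritative check.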

I would also love to see this feature, as this is a key requirement of working with Owncloud/Nextcloud (the Owncloud server needs to be able to log in to Mailu and send email on behalf of many Mailu users).

I've implemented what @pirate suggested in #1904

I am not convinced that we want to support narrower configurations (where a user is allowed but only for specific aliases)... those that need it can use overrides.
