Configuring Authorization for Postfix 2021-05-02

Disclaimer: I’m not an expert on mail server configurations. I give no guarantees on the correctness of the information on this page. I’m not responsible if you use any of the options and your server gets abused.

If you run a Mail Transfer Agent (MTA) on your Linux machine, chances are you followed a guide for its configuration. Unless you have one Unix account per user, this will likely be a “virtual (user) mail server”. There are many guides available describing this setup and how to connect Postfix to a database. This includes the wiki pages by Gentoo and Arch Linux, which is based on the former, but also a couple more.

Actually, there are many more guides if you open your favorite search engine, but the mentioned ones at least configure “authentication”: In one of the steps, the guides configure smtpd_sasl_auth_enable = yes with some smtpd_sasl_type. This requires the sender to provide a username and a matching password before the server accepts a message. Otherwise, the server would be an “open relay” distributing emails from anybody, including spammers.

However, as far as I can tell, none of the guides I found explain how to set up “authorization”: Once authenticated, a user would be able to send messages in the name of any address of all configured domains (in case there is more than one). That may be fine if you are the only user, or if you trust all of your users and services. But it still nagged me, and I eventually found the solution in the Postfix SASL Howto.

To briefly summarize the configuration, there are two aspects:

  1. First, we need to tell Postfix which sender address is “owned” by which user. For most virtual setups using PostfixAdmin, this can be as trivial as smtpd_sender_login_maps = $virtual_alias_maps: This actually includes the “normal” because PostfixAdmin also inserts all mailboxes as aliases. If you don’t want users to send in the name of that redirects to them, it’s of course possible to create your own map.
  2. Second, reject_sender_login_mismatch makes Postfix reject the message if the login is not allowed to send from that address.

And that’s it.

You do not need to agree with my opinions expressed in this blog post, and I'm fine with different views on certain topics. However, if there is a technical fault please send me a message so that I can correct it!