How to restrict the field "From" mismatch for emails and prevent outbound mail spoofing?




  • Avatar
    Siniša Burina


    On Debian jessie, with postfix version 2.11.3-1+deb8u2, I'm getting the following notification in the log file, and the solution does not work:

    warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support
    warning: restriction `reject_unauthenticated_sender_login_mismatch' ignored: no SASL support

    Can you please advise?


  • Avatar
    Siniša Burina


    Here's the information, in case someone else bumps into the same issue.

    The above-mentioned restriction, if put into the file, actually gets enabled to both incoming SMTP connections and submissions, which is not what we really want. So, instead of configuring it in, put it in, submission config:

    submission inet n - - - - smtpd
    -o smtpd_enforce_tls=no
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions
    -o smtpd_end_of_data_restrictions=$submission_end_of_data_restrictions

    Et voila! :)

  • Avatar
    Alexandr Redikultsev

    Hi @Siniša Burina!

    Thanks for sharing!

  • Avatar
    Siniša Burina

    Hey! What happened to my previous post? Was it dangerous in some way so you decided to remove it?

Please sign in to leave a comment.

Have more questions? Submit a request