1) Let Postfix
remove the from header. Postfix will add the envelope
sender as the from header (as discussed on Postfix mailing list)
This is only useful if Djigzo should be limited to be used with Postfix.
2) Create a mailet that checks whether the
envelope sender is equal to
the from and if not bounce the message
This would be the most "secured" possibility. Not sure how this would
interact with BATV and the like.
3) Create a mailet that makes the from header
equal to the envelope
Could this be configurable to choose between 2. and 3. maybe even in the
I prefer solution 3 because you can tell Postfix that it should not
accept the message when envelope sender is not equal to the SASL
authenticated user. With solution 3 Djigzo then makes sure that the from
is equal to the envelope sender.
A problem with both solutions is that the check should only be done when
the user has authenticated via SASL (and when you enable the option of
course). You can add a SASL Authenticated header to the Received header
but I don't know how reliable checking for this is.
This is something from Jetty installed by default (see
/etc/jetty6/jetty.xml) and i'm not sure if it is save to disable...
I will check this
Djigzo open source email encryption