MAIL FROM and From authorization

Module check.authorize_sender verifies that the envelope and header sender addresses belong to the authenticated user. Address ownership is established via a table that maps each user account to an email address it is allowed to use. There are some special cases; see the user_to_email description below.

check.authorize_sender {
    prepare_email identity
    user_to_email identity
    check_header yes

    unauth_action reject
    no_match_action reject
    malformed_action reject
    err_action reject

    auth_normalize precis_casefold_email
    from_normalize precis_casefold_email
}

check {
    authorize_sender { ... }
}

Configuration directives

Syntax: user_to_email table
Default: identity

Table to use for lookups. The result of the lookup should contain either the domain name, the full email address or "" string. If it is just a domain, the user will be allowed to use any mailbox within that domain as a sender address. If the result contains "", the user will be allowed to use any address.

Syntax: check_header boolean
Default: yes

Whether to verify the header sender in addition to the envelope sender.

Either Sender or From field value should match the authorization identity.

Syntax: unauth_action action
Default: reject

What to do if the user is not authenticated at all.

Syntax: no_match_action action
Default: reject

What to do if the user is not allowed to use the sender address specified.

Syntax: malformed_action action
Default: reject

What to do if From or Sender header fields contain malformed values.

Syntax: err_action action
Default: reject

What to do if an error happens during the prepare_email or user_to_email lookup.

Syntax: auth_normalize action
Default: precis_casefold_email

Normalization function to apply to the authorization username before further processing.

Available options:
- precis_casefold_email: PRECIS UsernameCaseMapped profile + U-labels form for domain
- precis_casefold: PRECIS UsernameCaseMapped profile for the entire string
- precis_email: PRECIS UsernameCasePreserved profile + U-labels form for domain
- precis: PRECIS UsernameCasePreserved profile for the entire string
- casefold: Convert to lower case
- noop: Nothing

Syntax: from_normalize action
Default: precis_casefold_email

Normalization function to apply to email addresses before further processing.

Available options are the same as for auth_normalize.
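
A simplified model of the decision these directives describe, written as an added example and not taken from maddy's own code. The table contents, the order of the checks and the handling of a missing table entry are assumptions; lower-casing stands in for the casefold option, and the any-address lookup result is left out.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// allowed reports whether addr may be used by an account whose user_to_email
// lookup returned entry: a full address must match exactly, a bare domain
// permits any mailbox in it. The any-address result is not modelled.
func allowed(entry, addr string) bool {
	entry, addr = strings.ToLower(entry), strings.ToLower(addr) // "casefold"
	if strings.Contains(entry, "@") {
		return entry == addr
	}
	at := strings.LastIndex(addr, "@")
	return at > 0 && entry != "" && addr[at+1:] == entry
}

// decide names the directive whose action applies, or "accept". Assumptions:
// table stands in for user_to_email, user is "" when unauthenticated, and a
// missing table entry counts as no match.
func decide(table map[string]string, user, mailFrom, from, sender string) string {
	if user == "" {
		return "unauth_action"
	}
	entry := table[strings.ToLower(user)]
	if !allowed(entry, mailFrom) {
		return "no_match_action"
	}
	match := false // check_header yes: Sender or From must belong to the user
	for _, h := range []string{from, sender} {
		a, err := mail.ParseAddress(h)
		if h != "" && err != nil { // an absent field ("") is not malformed
			return "malformed_action"
		}
		match = match || (err == nil && allowed(entry, a.Address))
	}
	if !match {
		return "no_match_action"
	}
	return "accept"
}

func main() {
	t := map[string]string{"alice@example.org": "alice@example.org"} // constructed
	// Envelope sender is Alice's own address, but the From header is not hers.
	fmt.Println(decide(t, "alice@example.org", "alice@example.org", "CEO <ceo@example.org>", ""))
}
```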