Currently services can send e-mails as users, and vice versa. Users can also
send e-mails as other users.
We should validate that the user sending an e-mail owns the address (can also be
an alias) before being able to send.
Most likely, we can use Postfix's smtpd_sender_login_maps for this.
Currently services can send e-mails as users, and vice versa. Users can also
send e-mails as other users.
We should validate that the user sending an e-mail owns the address (can also be
an alias) before being able to send.
Most likely, we can use Postfix's
smtpd_sender_login_mapsfor this.