Re-enable sender access check to prevent source spoofing

core/admin/mailu/internal/views/postfix.py

@@ -40,3 +40,15 @@ def postfix_transport(email):
     localpart, domain = email.split('@', 1) if '@' in email else (None, email)
     relay = models.Relay.query.get(domain) or flask.abort(404)
     return flask.jsonify("smtp:[{}]".format(relay.smtp))
+
+
+@internal.route("/postfix/sender/<sender>")
+def postfix_sender(sender):
+    """ Simply reject any sender that pretends to be from a local domain
+    """
+    localpart, domain_name = sender.split('@', 1) if '@' in sender else (None, sender)
+    domain = models.Domain.query.get(domain_name)
+    alternative = models.Alternative.query.get(domain_name)
+    if domain or alternative:
+        return flask.jsonify("REJECT")
+    return flask.abort(404)

core/postfix/conf/main.cf

@@ -87,6 +87,7 @@ smtpd_helo_required = yes
 
 smtpd_client_restrictions =
   permit_mynetworks,
+  check_sender_access ${podop}sender,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,

core/postfix/start.py

@@ -17,6 +17,7 @@ def start_podop():
 		("alias", "url", "http://admin/internal/postfix/alias/§"),
 		("domain", "url", "http://admin/internal/postfix/domain/§"),
         ("mailbox", "url", "http://admin/internal/postfix/mailbox/§"),
+        ("sender", "url", "http://admin/internal/postfix/sender/§")
     ])
 
 convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))