In postfix, how can I allow only certain users to send mail as any other user?

I figured out how to modify the query in /etc/postfix/sender-login-maps.cf to allow any user with "admin" privileges (as defined in the users.sqlite table) to send email as any other user at the same domain:

SELECT permitted_senders
FROM (
    SELECT permitted_senders
    FROM (
        SELECT permitted_senders, 0 AS priority
        FROM aliases
        WHERE source='%s'
        AND permitted_senders IS NULL
        UNION
        SELECT email as permitted_senders, 2 AS priority
        FROM users
        WHERE email='%s'
        )
    ORDER BY priority LIMIT 1
    )
UNION
SELECT email as permitted_senders
FROM users
WHERE privileges='admin'
AND SUBSTR(email, INSTR(email, '@') + 1) = SUBSTR('%s', INSTR('%s', '@') + 1);

So basically, if [email protected] is set as an admin (which you can do in the user database, or through your account configuration interface), then [email protected] will be allowed to send mail as [email protected], [email protected], etc. This seems like a reasonable policy to me.
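To check what the map returns before deploying it, the query can be run against a throwaway database. This is an added example, not part of the original post: the table layout, the sample addresses and the helpers `make_db`, `permitted_logins` and `may_send` are assumptions, and `'%s'` is replaced by bound parameters because Postfix is not doing the substitution here.

```python
import sqlite3

# The page's query, with '%s' (Postfix's lookup-key placeholder) swapped for
# bound parameters so it can be run outside Postfix.
QUERY = """
SELECT permitted_senders
FROM (
    SELECT permitted_senders
    FROM (
        SELECT permitted_senders, 0 AS priority
        FROM aliases
        WHERE source='%s'
        AND permitted_senders IS NULL
        UNION
        SELECT email as permitted_senders, 2 AS priority
        FROM users
        WHERE email='%s'
        )
    ORDER BY priority LIMIT 1
    )
UNION
SELECT email as permitted_senders
FROM users
WHERE privileges='admin'
AND SUBSTR(email, INSTR(email, '@') + 1) = SUBSTR('%s', INSTR('%s', '@') + 1);
""".replace("'%s'", "?")

def make_db():
    """Constructed sample data; the schema is an assumption based on the query."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (email TEXT PRIMARY KEY, privileges TEXT);
        CREATE TABLE aliases (source TEXT, permitted_senders TEXT);
        INSERT INTO users VALUES ('admin@example.com', 'admin'),
                                 ('bob@example.com', ''),
                                 ('carol@example.org', '');
    """)
    return db

def permitted_logins(db, sender):
    """Logins the map returns for a given envelope sender address."""
    rows = db.execute(QUERY, (sender,) * QUERY.count("?"))
    return {r[0] for r in rows if r[0] is not None}

def may_send(db, login, sender):
    """Hypothetical stand-in for Postfix's sender/login match check."""
    return login in permitted_logins(db, sender)
```

The admin branch matches on the domain part only, so `permitted_logins(db, 'nobody@example.com')` still returns the admin login even though no such mailbox exists, while an admin at one domain is never returned for an address at another.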