The check-sender-addresses configuration variable

check-sender-addresses directs whether Archiveopteryx should check whether the sender addresses on outgoing messages are explicitly permitted or not.

If this variable is enabled, then a user is only permitted to send mail where the From, Return-Path, Sender and Resent-From addresses contain addresses tied to that user. It has no effect on Reply-To.

An address is tied to a user if mail to that address lands in a mailbox belonging to that user. It can also be tied to a user using ACL, if user has the "p" right on that mailbox.

Example

Assume that user Nirmala has address nirmala@example.com. The alias sales.madrid@example.com is also bound to /users/nirmala/inbox. Nirmala is then allowed to use both nirmala@example.com and sales.madrid@example.com as From addresses.

The alias sales.spain@example.com is goes to a different mailbox, /groups/sales.spain, which is not owned by Nirmala, so she cannot send mail "from" sales.spain@example.com. However, if she has the ACL right p on /groups/sales.spain, then she can send mail "from" sales.spain@example.com.

This command grants Nirmala the rights to read the sales.spain mailbox, set seen and other flags, and send mail "from" sales.spain@example.com.

aox setacl /groups/sales.spain nimala plrswn

check-sender-addresses is a toggle. Its default value is false:

check-sender-addresses = false

You can see its current value with the command aox show cf check-sender-addresses.

Toggle syntax

Toggles are written as a single word. Yes, true, on, 1, and enabled all mean that the toggle is enabled, while no, false, off, 0, and disabled unsurprisingly mean disabled. Toggles are case-insensitive.

Spaces are allowed at the start of the line, before and after '=', and after the value. Comments extend from '#' to the end of the line.

Relevant links

• Archiveopteryx configuration
• SMTP submission in Archiveopteryx
• Access control lists