I use Kopano as Univention App/
it’s complex problem.
by default Postfix from Univention allow to send email from every address for authenticated users.
It could be solved by
ucr set mail /postfix/smtpd/restrictions/recipient/20 = “reject_authenticated_sender_login_mismatch”
but this is not a good solution if you use Kopano and you use smtp/imap configured mail clients.
Kopano adding additional custom schemas to ldap such as k4uUserSendAsPrivilege that allow user to send email as other user. It’s works only if you use web interface. Postfix has no checking scripts for this.
So if you implemented “reject_authenticated_sender_login_mismatch” to close the bug , you will not able to use "UserSendAsPrivilege " by smtp.
There is univention script listfilter.py that checks if users allowed to send email to group. it works as filter for
smtpd_recipient_restrictions = check_policy_service unix:private/listfilter,
Is there a solution for k4uUserSendAsPrivilege or i should write same script for it?