diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index f624bffb..265eccd7 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -301,6 +301,18 @@ def _configure_postfix(config: Config, debug: bool = False) -> bool:
     )
     need_restart |= header_cleanup.changed
 
+    # Login map that 1:1 maps email address to login.
+    login_map = files.put(
+        src=importlib.resources.files(__package__).joinpath(
+            "postfix/login_map"
+        ),
+        dest="/etc/postfix/login_map",
+        user="root",
+        group="root",
+        mode="644",
+    )
+    need_restart |= login_map.changed
+
     return need_restart
 
 
diff --git a/cmdeploy/src/cmdeploy/postfix/login_map b/cmdeploy/src/cmdeploy/postfix/login_map
new file mode 100644
index 00000000..57a823bc
--- /dev/null
+++ b/cmdeploy/src/cmdeploy/postfix/login_map
@@ -0,0 +1 @@
+/^(.*)$/	${1}
diff --git a/cmdeploy/src/cmdeploy/postfix/main.cf.j2 b/cmdeploy/src/cmdeploy/postfix/main.cf.j2
index 69375794..e46f13a3 100644
--- a/cmdeploy/src/cmdeploy/postfix/main.cf.j2
+++ b/cmdeploy/src/cmdeploy/postfix/main.cf.j2
@@ -49,3 +49,6 @@ virtual_mailbox_domains = {{ config.mail_domain }}
 mua_client_restrictions = permit_sasl_authenticated, reject
 mua_sender_restrictions = reject_sender_login_mismatch, permit_sasl_authenticated, reject
 mua_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit
+
+# 1:1 map MAIL FROM to SASL login name.
+smtpd_sender_login_maps = regexp:/etc/postfix/login_map