Wietse Venema via Postfix-users wrote in <[email protected]>: |R. Diez via Postfix-users: |> So my first question is: Is there a way to configure |> 'reject_sender_login_mismatch' and/or 'smtpd_sender_login_maps' |> so that they only apply to some SMTP accounts? The aim here is to |> designate one or more "superuser" SMTP accounts which are able to |> skip the 'reject_sender_login_mismatch' / 'smtpd_sender_login_maps' |> checks, so that they can impersonate any user they like. | |/etc/postfix/main.cf: | smtpd_sender_login_maps = | unionmap:{hash:/etc/postfix/sender_logins.cf, | pcre:/etc/postfix/sender_logins.pcre} | |/etc/postfix/sender_logins: | # Match specific accounts. | [email protected] bob | [email protected] alice | |/etc/postfix/sender_logins.pcre: | # Match any account. | /./ super-admin1, super-admin2 | |If you don't want to allow the super-admins to impersonate bob and |alice, then you need to remove the unionmap:{ } encapsulation above.
Thanks for this, i surely keep that in my "postfix/knowledge.mbox". (I wanted to ask aka go for the same around June.) |> Those configuration options are about the envelope address (the |> SMTP MAIL FROM address). The Postfix documentation also mentions |> the "From:" mail header: |> |> "Note: to enforce that the From: header address matches the envelope |> sender (MAIL FROM) address, use an external filter such as a Milter, |> for the submission or submissions (formerly called smtps) services." | |And it mentions with https://github.com/magcks/milterfrom. Sorry to be a spoiler here, but to be overly safe even on a submission service you should verify the addresses yourself in addition, to prevent certain constructs beforehand (the milter). I never tried it via a milter actually but if i use this wild mix of old- and new-style email addresses, i would think the given milterfrom fails for this construct that postfix accepts p$ telnet localhost 25 ... 220 kent.sdaoden.eu ESMTP Postfix ... RCPT TO:<"<[email protected]>" <[email protected]> (<[email protected]>)> 250 2.1.5 Ok ... because milterfrom simply performs a string search for a "<" and takes anything to the closing ">" in a "last match wins" approach. In the above it would, shall the milter get that entire construct, thus take the content of the comment, not the actual address. *I never really tried it.* |> I wonder whether Postfix is making this basic antispoofing feature |> too hard for basic/economic mail hosters to implement. I am thinking |> of some new, easy configuration option which rejects, or automatically |> replaces, the "From:" mail header without resorting to external |> filtering tools or to a full scripting language. |> |> Or may be there is some ready-to-use script which automatically |> replaces both the envelope address and the "From:" header to match |> the ones associated with the SMTP account, but only for those SMTP |> accounts listed in some configuration file? This way, not every |> hoster must implement it all from scratch. | |Postfix is not making it too hard. There is no deliberate effort |to sabotage users. Postfix just does not have support built-in to |make this particular thing "easy". | |This actually involves multiple features: 1) overriding envelope.from |with a mapping from sasl.login or unix.login; 2) overriding header.from |with envelope.from, presumably with a yes/no filter. It's not limited |to SMTP: there also is a policy for submissions with the Postfix |sendmail command-line tool. 'Thing is, email is *very* hard. Actually, *very very*. And then there is mediocre software which does not truly understand it, the one i maintain including, or software which temporarily has bugs, or even consciously messes (surely also exists), and all that. For example RFC 5322 quoted strings, and the RFC 2047 special rules on quoted strings, and then how software deals for example with strange things like '"Schnödes. \" Früchtchen @" (Hä!) <do@du>' where we bang against the wall of necessity for quoted-string, encoding of 8-bit, and the RFC 2047 forbiddance of using encoded-word in quoted-string. D'oh! (I do not really know the Simpsons.) So we have imperfect standards which are hard to obey, and Postel on the other hand: $ telnet localhost 25 ... 220 kent.sdaoden.eu ESMTP Postfix ... RCPT TO:<"Schnödes. \" Früchtchen @" (Hä!) <[email protected]>> 250 2.1.5 Ok (mutt deals with this one in particular i think, well, why not say brillantly, back and forth to the editor and back, wow!) But anyhow it seems to me that postfix does a very great job sucking out the actual addr-spec, and if it would actually parse (the first address of) From:, to compare it against envelope from, i would be an early user of that. P.S.: and what about Sender:? --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
