Sahil Tandon wrote:
On Tue, 07 Jul 2009, Sahil Tandon wrote:
On Tue, 07 Jul 2009, Daniel L. Miller wrote:
So...my initial thought was I'd have to create a public Internet name
for the fax gateway, and apply some level of security to only accept
submissions from Intuit. However, I'm now wondering if I can accomplish
the same thing by using address extensions instead of a different server
name. So I'd be sending emails to "1234567890+...@mydomain.com", and
Postfix would then identify a fax is to be sent by the extension,
translate that to "1234567...@fax.myinternaldomain.com", and process
accordingly. I would still have to protect the "fax" extension, but my
thought is that the extension would be less likely to be probed than a
published DNS name, and therefore be subject to fewer attacks.
Use some sort of virtual alias mapping along with ensuring that
foo+...@example.org is valid at SMTP time. Untested example:
/^(\d+)\+...@mydomain.com$/ $...@fax.myinternaldomain.com
Just to clarify, the above is a PCRE map example.
I think it's more natural to implement the other way around...
fax+num...@example.com
where f...@example.com is a valid user with a transport map
pointing to the fax software interface, and the address
extension is the phone number.
Or better, use a subdomain:
num...@fax.example.com
either way, use smtpd_*_restrictions to restrict access to the
recipient.
-- Noel Jones
