Hi.
btw: Thanks for your efforts in answering my questions, and sorry for
posting to -devel before (did not notice in the beginning, that this
is not meant for bug/feature reports).
Quoting Wietse Venema <wie...@porcupine.org>:

>> clients (depending on local_header_rewrite_clients) and for remote
>> clients only if remote_header_rewrite_domain is not empty.
>
> This only trips up people who can't read what the text says, and
> instead read what they want to read.

Well,... I just got confused as I saw the envelope addresses to be
rewritten in my logs,.. sorry.

>> - Envelope sender and recipient addresses are ALWAYS (regardless of
>
> Indeed. Does the documentation ever claim otherwise?

No not really.
http://www.postfix.org/ADDRESS_REWRITING_README.html#standard ,
http://www.postfix.org/postconf.5.html#append_dot_mydomain ,
http://www.postfix.org/postconf.5.html#append_at_myorigin and
say addresses, which refers, as I now understand, to both (envelope and
header). But they also refer to the remote_header_rewrite_domain and
local_header_rewrite_clients and the later rewrite chapters directly
named envelope and header addresses...
So again,.. this confused me probably a little bit. My fault, sorry!

> In case you wonder why bare name is handled as n...@$myorigin,
> this is because doing otherwise would open a giant hole in the
> Postfix defenses (people would have to specify more access rules).

Not sure if I understand what you mean.
Anyway,.. it seems that it's possible for a remote client to send mail
that looks as if it would come from the host postfix is running on,
right?!
Either as just "root" or "r...@host" (without the domain) if
append_dot_mydomain = no and remote_header_rewrite_domain is empty.
But even if not empty a remote client could still simply use
r...@host.domain.tld as sender.
Of course I understand that mail does not guarantee sender
authenticity but this is still a security problem, isn't it?
I mean it's easily possible to reject reject_non_fqdn_sender and I
think even envelope sender addresses that match any of the canonical
domains,.. but this doesn't help with the headers.
Is there an easy way for this problem? Or do I misunderstand something?
Cheers,
Chris.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
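
Added example, not part of the original message and not Postfix code: a simplified Python model of the completion rules discussed in this thread (envelope addresses always completed; header addresses completed for local clients, and for remote clients only when remote_header_rewrite_domain is non-empty). The function names, the sample domains and the reduction of local_header_rewrite_clients to a boolean are assumptions made for illustration.

```python
# Simplified model of the address completion discussed in the thread.
# Not Postfix source; all names and sample values are constructed.

def complete(addr, origin, domain, append_dot_mydomain):
    """Append @origin to a bare name and, optionally, .domain to user@host."""
    if "@" not in addr:
        return f"{addr}@{origin}"          # append_at_myorigin behaviour
    user, host = addr.rsplit("@", 1)
    if "." not in host and append_dot_mydomain:
        return f"{user}@{host}.{domain}"   # append_dot_mydomain behaviour
    return addr                            # already fully qualified


def rewrite(addr, kind, client_is_local, cfg):
    """kind is 'envelope' or 'header'; cfg mirrors main.cf values (assumed)."""
    if kind == "envelope" or client_is_local:
        # Envelope addresses are always completed; header addresses are
        # completed for clients matching local_header_rewrite_clients.
        return complete(addr, cfg["myorigin"], cfg["mydomain"],
                        cfg["append_dot_mydomain"])
    remote = cfg["remote_header_rewrite_domain"]
    if not remote:
        return addr  # remote header is left exactly as the client sent it
    # Incomplete remote header addresses are labelled with the given domain.
    return complete(addr, remote, remote, cfg["append_dot_mydomain"])


# Constructed configuration matching the scenario in the message.
CFG_EMPTY = {"myorigin": "host.domain.tld", "mydomain": "domain.tld",
             "append_dot_mydomain": False, "remote_header_rewrite_domain": ""}
CFG_INVALID = dict(CFG_EMPTY, remote_header_rewrite_domain="domain.invalid")

if __name__ == "__main__":
    for cfg in (CFG_EMPTY, CFG_INVALID):
        for addr in ("root", "root@host", "root@host.domain.tld"):
            print(repr(cfg["remote_header_rewrite_domain"]), addr,
                  "envelope ->", rewrite(addr, "envelope", False, cfg),
                  "| header ->", rewrite(addr, "header", False, cfg))
```

In this model a fully qualified header address from a remote client passes through unchanged under either setting, which is the case the message raises; rejecting or flagging it needs a separate policy decision rather than address completion.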