Tomoyuki Murakami:
> > First, this would accept mail for forwarder+anyuser=anydom...@my.dom,
> > meaning that it would be an open relay. A more secure implementation
> > would compute a hash of (orig_sen...@domain.com, local secret) and
> > include that hash in the return address.
>
> I guess, with my patch alone, could not cause open relay, but ...

It is an open relay. To exploit: send mail to
postmaster+anyuser=anydom...@my.dom where my.dom is your domain,
and Postfix will deliver it to anyu...@anydomain.

> > Second, Postfix has a plugin interface that supports implementations
> > SRS, SPF, DKIM, SenderID, etc. I currently have no plans to build
> > these into Postfix.
>
> OK, I'd like to consider these lines too.

There is a famous book called the "mythical man-month" by Fred
Brooks. In figure 1.1, it shows four categories of software.

- The simplest is an "in-house" program that solves a specific
  problem. This is like hard-coding DKIM or SRS into Postfix. There
  is nothing wrong with building something into a program, but each
  time you do this, it will be a little harder.

- Three times as expensive is a programming product that is
  documented, testable, and maintainable. About half of the Postfix
  source tree is documentation and test programs/data, but especially
  the tests are incomplete.

- Also three times as expensive is a programming system that has
  interfaces that work with other systems. This is like Postfix's
  Milter and Filter interfaces, Postfix table lookup based on files,
  LDAP, *SQL, NIS, the ability to use "postconf -e" to update
  configurations mechanically, etc.

- Postfix is in the nine times as expensive category: it is mostly
  a programming system product.

        Wietse
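
The hashed return address suggested in the quoted text, sketched as an added example that is not part of the original message, the patch, or Postfix. The address layout `forwarder+<tag>=<user>=<domain>@my.dom`, the secret value, the tag length and the function names are all assumptions; this is not the SRS specification and it carries no expiry timestamp.

```python
import hashlib
import hmac

SECRET = b"constructed-local-secret"  # assumption: per-site secret (sample value)
FORWARDER = "forwarder"               # local-part prefix as written in the thread
MY_DOMAIN = "my.dom"                  # placeholder domain from the thread
TAG_LEN = 12                          # hex chars of the HMAC kept in the address


def _tag(sender: str) -> str:
    """Keyed hash of the original sender; only the secret holder can make it."""
    mac = hmac.new(SECRET, sender.lower().encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN]


def encode_return_address(sender: str) -> str:
    """Rewrite user@domain into a forwarding address that carries the hash."""
    user, sep, domain = sender.rpartition("@")
    if not sep or not user or not domain or "=" in domain:
        raise ValueError("not a usable sender address: %r" % sender)
    return "%s+%s=%s=%s@%s" % (FORWARDER, _tag(sender), user, domain, MY_DOMAIN)


def decode_return_address(rcpt: str):
    """Return the original sender, or None when the address must be rejected."""
    local, sep, domain = rcpt.rpartition("@")
    if not sep or domain.lower() != MY_DOMAIN:
        return None
    prefix, plus, rest = local.partition("+")
    if prefix != FORWARDER or not plus:
        return None
    parts = rest.split("=")
    if len(parts) < 3:                # no tag at all: the unauthenticated form
        return None
    tag, orig_domain = parts[0].lower(), parts[-1]
    orig_user = "=".join(parts[1:-1])  # the user part may itself contain "="
    if not orig_user or not orig_domain:
        return None
    sender = "%s@%s" % (orig_user, orig_domain)
    # Constant-time comparison; a guessed or altered tag fails here.
    if not hmac.compare_digest(tag.encode("utf-8"), _tag(sender).encode("utf-8")):
        return None
    return sender
```

Only addresses that this site generated itself decode to a destination, so the bare `forwarder+user=domain` form is refused instead of relayed.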