Tomoyuki Murakami:
> > Tomoyuki Murakami:
> >> > First, this would accept mail for forwarder+anyuser=anydom...@my.dom,
> >> > meaning that it would be an open relay. A more secure implementation
> >> > would compute a hash of (orig_sen...@domain.com, local secret) and
> >> > include that hash in the return address.
> >>
> >> I guess, with my patch alone, could not cause open relay, but ...
> >
> > It is an open relay.
> >
> > To exploit: send mail to postmaster+anyuser=anydom...@my.dom where
> > my.dom is your domain, and Postfix will deliver it to anyu...@anydomain.
>
> oops! I couldn't find such a decoding mechanism, i.e.
> postmaster+anyuser=anydom...@my.dom to anyu...@anydomain
> in the Postfix source. Is this realized in bare Postfix with
> specific configuration or cooperation with its plug-ins?
>
> For my previous patch, just rewriting sender one-way and it may
> be `in-complete' in the meaning of implementing SRS.

Indeed. A complete SRS implementation forwards mail in both directions.
To avoid being an open relay, it must use some secret to "sign" the
SRS-transformed address. This is one reason why SRS should not be
implemented with VERP.

	Wietse
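
The signing described in this thread, as an added sketch (not code from the thread, from Postfix, or from any SRS library): the forwarder embeds a keyed hash of the original sender in the rewritten return address and refuses to reverse any address whose hash does not verify. The secret, the domain `my.dom` as forwarder, the `SRS0=tag=domain=local` layout and all function names are assumptions; a full SRS address also carries a timestamp so that tags expire.

```python
import hashlib
import hmac

# Assumptions for this sketch: SECRET, FORWARD_DOMAIN and the address layout
# are illustrative. No timestamp is embedded, so tags here never expire.
SECRET = b"constructed-local-secret"
FORWARD_DOMAIN = "my.dom"
TAG_LEN = 8  # hex characters of the truncated HMAC kept in the address


def _tag(local: str, domain: str) -> str:
    """Keyed hash over the original sender; only the holder of SECRET can make it."""
    msg = f"{local.lower()}@{domain.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:TAG_LEN]


def forward_rewrite(sender: str) -> str:
    """Rewrite an envelope sender into a signed return address at FORWARD_DOMAIN."""
    local, _, domain = sender.rpartition("@")
    if not local or not domain:
        raise ValueError("sender must be local@domain")
    return f"SRS0={_tag(local, domain)}={domain}={local}@{FORWARD_DOMAIN}"


def reverse_rewrite(rcpt: str):
    """Return the original sender if rcpt carries a valid tag, else None (reject)."""
    localpart, _, rcpt_domain = rcpt.rpartition("@")
    if rcpt_domain.lower() != FORWARD_DOMAIN:
        return None
    fields = localpart.split("=", 3)  # the original local part may contain '='
    if len(fields) != 4 or fields[0].upper() != "SRS0":
        return None
    _, tag, domain, local = fields
    if not local or not domain:
        return None
    expected = _tag(local, domain)
    if not hmac.compare_digest(tag.lower().encode(), expected.encode()):
        return None  # unsigned or altered address: rejecting it prevents relaying
    return f"{local}@{domain}"
```

Only addresses that `forward_rewrite` itself produced reverse to a destination; an address assembled by an outside sender fails the tag check and is rejected instead of relayed.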