On Thu, Dec 30, 2010 at 12:17:57PM -0600, michael.lar...@wellsfargo.com wrote:
> > # See what addresses are allowed to relay as senders.
> > # Check them against allowed recipients in recipient_access
> > # under smtpd_restriction_classes.
> > check_sender_access hash:/etc/postfix/sender_access
>
>
> Viktor said:
>
> "This makes you an open relay for forged sender addresses."
>
> Yes, Noel made me aware of that risk when answering the original query, I
> just don't know what to do about it and maintain the basic functionality of
> what I'm trying to achieve (see below).
>
Not *a risk*, rather an inevitable, and difficult to recover from exploit.
DO NOT base relay access on envelope sender address information, it is
trivially forged.
Upthread:
I need a way to implement
"check_sender_access_AND_check_recipient_access"
Your problem is almost certainly best solved by using each of the
multiple restriction lists to check each of the required conditions.
cidr = cidr:${config_directory}/
indexed = ${default_database_type}:${config_directory}/
smtpd_client_restrictions =
check_client_access ${cidr}allowed-clients,
check_client_access static:discard
smtpd_sender_restrictions =
check_sender_access ${indexed}allowed-senders,
check_client_access static:discard
# The default is likely fine:
smtpd_recipient_restrictions =
check_recipient_access ${indexed}allowed-recipients,
check_client_access static:discard,
#
# At least one reject by default rule is required in
# smtpd_recipient_restrictions, defeat the logic by
# listing permit, then reject. In reality permit = discard.
#
permit, reject
With this all mail is discarded unless all the conditions below are met:
- From an allowed SMTP client (IP address CIDR table)
- From an allowed envelope sender (indexed via postmap lookup table)
- To an allowed envelope recipient (indexed via postmap lookup table)
--
Viktor.
