Invalid address is accepted by postfix

jcdole Sun, 30 Sep 2018 08:56:39 -0700

Hello.
After reading it seems that a valid local-part address is :

/The local-part of the email address may use any of these ASCII characters:


    *) uppercase and lowercase Latin letters A to Z and a to z;
       digits 0 to 9;
       special characters !#$%&'*+-/=?^_`{|}~;

    *) dot ., provided that it is not the first or last character unless
quoted, and provided also that it does not appear consecutively unless
quoted (e.g. john.....@example.com is not allowed but
"John..Doe"@example.com is allowed);[8]

Note that some mail servers wildcard local parts, typically the characters
following a plus and less often the characters following a minus, so
fred+bah@domain and fred+foo@domain might end up in the same inbox as
fred+@domain or even as fred@domain. This can be useful for tagging emails
for sorting, see below, and for spam control. Braces { and } are also used
in that fashion, although less often.

    *) space and "(),:;<>@[\] characters are allowed with restrictions (they
are only allowed inside a quoted string, as described in the paragraph
below, and in addition, a backslash or double-quote must be preceded by a
backslash);
    
     *) comments are allowed with parentheses at either end of the
local-part; e.g. john.smith(comment)@example.com and
(comment)john.sm...@example.com are both equivalent to
john.sm...@example.com.
/

So     *"()<>[]:,;@\\\"!#$%&'-/=?^_`{}| ~.a"@example.org*     is valid
and   *A@b@c...@example.com* (only one @ is allowed outside quotation marks)   
is invalid.

 - - - - - - - - - 

During my test I have seen that postfix accepts this sender address :
us...@example.com@exemple.com

So I have add this restriction in main.cf
smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/sender_Allowed_Users, reject

And sender_Allowed_Users contains :
us...@example.com  OK
us...@example.com  OK
us...@example.com  OK
#us...@example.com OK

(user4 is forbidden)

But I was surprise that :
us...@example.com@exemple.com  is accepted
us...@example2.com@exemple.com  is reject
us...@example.com@exemple2.com  is reject

Normally these three addresses are invalid.

log for case us...@example.com@exemple.com  :
-----------------------------------------------------------
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: ctable_locate: install
entry key us...@example.com?us...@example.com....@example.com
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: maps_find:
hash:/etc/postfix/sender_Allowed_Users:
hash:/etc/postfix/sender_Allowed_Users(0,lock|fold_fix|utf8_request):
us...@example.com = OK
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: mail_addr_find:
us...@example.com -> OK
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: check_table_result:
hash:/etc/postfix/sender_Allowed_Users OK us...@example.com
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: smtpd_acl_permit:
checking smtpd_log_access_permit_actions settings
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: match_list_match: OK:
no match
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: smtpd_acl_permit:
smtpd_log_access_permit_actions: no match
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: generic_checks:
name=check_sender_access status=1
sept. 30 16:49:40 ASUS-G75VW-JC postfix/smtpd[6658]: >>> END Sender address
RESTRICTIONS <<<
 
log for case us...@example2.com@exemple.com  :
-------------------------------------------------------------
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: ctable_locate: install
entry key us...@example.com?us...@example.com....@troll2-hathor.nwk
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users:
"us...@example.com."@troll2-hathor.nwk: not found
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users:
us...@example.com....@troll2-hathor.nwk: not found
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users: troll2-hathor.nwk: not found
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users: nwk: not found
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users: "us...@example.com."@: not found
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users: us...@example.com.@: not found
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: mail_addr_find:
us...@example.com....@troll2-hathor.nwk -> (not found)
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: generic_checks:
name=check_sender_access status=0
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: generic_checks:
name=reject
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: NOQUEUE: reject: RCPT
from ASUS-G750JZ-JC.example.com[192.168.130.100]: 554 5.7.1
<us...@example.com....@troll2-hathor.nwk>: Sender address rejected: Access
denied; from=<us...@example.com....@troll2-hathor.nwk> to=<us...@example.com>
proto=ESMTP helo=<ASUS-G750JZ-JC.example.com>
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: generic_checks:
name=reject status=2
sept. 30 16:52:27 ASUS-G75VW-JC postfix/smtpd[6669]: >>> END Sender address
RESTRICTIONS <<<


log for case us...@example.com@exemple2.com  :
------------------------------------------------------------
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: ctable_locate: install
entry key us...@example.com?us...@troll2-hathor.nwk....@example.com
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users: us...@troll2-hathor.nwk: not found
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users: troll2-hathor.nwk: not found
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users: nwk: not found
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: maps_find:
hash:/etc/postfix/sender_Allowed_Users: user1@: not found
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: mail_addr_find:
us...@troll2-hathor.nwk -> (not found)
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: generic_checks:
name=check_sender_access status=0
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: generic_checks:
name=reject
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: NOQUEUE: reject: RCPT
from ASUS-G750JZ-JC.example.com[192.168.130.100]: 554 5.7.1
<us...@troll2-hathor.nwk....@example.com>: Sender address rejected: Access
denied; from=<us...@troll2-hathor.nwk....@example.com> to=<us...@example.com>
proto=ESMTP helo=<ASUS-G750JZ-JC.example.com>
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: generic_checks:
name=reject status=2
sept. 30 16:53:59 ASUS-G75VW-JC postfix/smtpd[6669]: >>> END Sender address
RESTRICTIONS <<<

Any way none of the tree case have the local-part address include in the
lookup table /etc/postfix/sender_Allowed_Users

Any help is welcome.







-----
Thank you for helping
________
Opensuse Leap 15
--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Invalid address is accepted by postfix

Reply via email to