On 2020-08-30 22:33 BST, Wietse Venema wrote:
> Well almost: it needs a custom SMTP client to avoid loop detection.
>
> /etc/postfix/master.cf:
>     pickup unix .. .. .. .. .. pickup
>         -o { content_filter = local-smtp:[localhost]:25 }
>
>     local-smtp unix .. .. .. .. .. smtp
>         -o { inet_interfaces = }
>         -o { myhostname = localhost }
>
> Let me know if that does the job.

Yes I believe it does, thank you. Though I have used a new smtpd service because the one on port 25 checks mail from the internet but I want one that checks mail from the mail server.

*** additions to master.cf

localhost:2525 inet n - y - - smtpd
    -o cleanup_service_name=cleanup-outbound
    -o syslog_name=smtpd-sndmail
# This is duplicated from part of the submission service:
    -o { smtpd_sender_restrictions =
        check_sender_access regexp:/etc/postfix/check-sender-access-outbound,
        reject_unverified_sender }

pickup unix n - y 60 1 pickup
    -o { content_filter = smtp-sndmail:[localhost]:2525 }

smtp-sndmail unix - - y - - smtp
    -o { inet_interfaces = }
    -o { myhostname = smtp-sndmail }
    -o { bounce_service_name = bounce-discard }

# This is shared with the submission service.
cleanup-outbound unix n - y - 0 cleanup
    -o header_checks=regexp:/etc/postfix/header-checks-outbound
    -o mime_header_checks=
    -o nested_header_checks=
    -o syslog_name=smtp-sndmaild
    -o bounce_service_name=bounce-discard

# Discards non-delivery notifications so they can't go to forged addresses.
bounce-discard unix - - y - 0 discard
    -o syslog_name=bounce-discard

*** Response to forged envelope-from

Sep 1 10:35:36 rolly postfix/pickup[7666]: 69CB9A0C16: uid=1000 from=<badaddress@forged>
Sep 1 10:35:36 rolly postfix/cleanup[11375]: 69CB9A0C16: message-id=<20200901093536.gb10...@acrasis.net>
Sep 1 10:35:36 rolly postfix/qmgr[25533]: 69CB9A0C16: from=<badaddress@forged>, size=472, nrcpt=1 (queue active)
Sep 1 10:35:36 rolly smtpd-sndmail/smtpd[11386]: connect from localhost[::1]
Sep 1 10:35:36 rolly smtpd-sndmail/smtpd[11386]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <badaddress@forged>: Sender address rejected: bogus domain; from=<badaddress@forged> to=<badaddress@forged> proto=ESMTP helo=<smtp-sndmail>
Sep 1 10:35:36 rolly postfix/smtp[11382]: 69CB9A0C16: to=<badaddress@forged>, relay=localhost[::1]:2525, delay=0.12, delays=0.05/0.02/0.02/0.03, dsn=5.7.1, status=bounced (host localhost[::1] said: 554 5.7.1 <badaddress@forged>: Sender address rejected: bogus domain (in reply to RCPT TO command))
Sep 1 10:35:36 rolly postfix/qmgr[25533]: 69CB9A0C16: removed
Sep 1 10:35:36 rolly bounce-discard/discard[11387]: warning: unexpected attribute nrequest from bounce-discard socket (expecting: flags)
Sep 1 10:35:36 rolly bounce-discard/discard[11387]: warning: deliver_request_get: error receiving common attributes
Sep 1 10:35:36 rolly smtp-sndmaild/cleanup[11388]: 84FB4A0C08: message-id=<20200901093536.84fb4a0...@mail.acrasis.net>
Sep 1 10:35:36 rolly postfix/qmgr[25533]: 84FB4A0C08: from=<double-bou...@mail.acrasis.net>, size=1077, nrcpt=1 (queue active)
Sep 1 10:35:36 rolly smtpd-sndmail/smtpd[11386]: disconnect from localhost[::1] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6
[dovecot lines snipped]
Sep 1 10:35:36 rolly postfix/lmtp[11389]: 84FB4A0C08: to=<goodaddr...@acrasis.net>, orig_to=<postmaster>, relay=mail.acrasis.net[private/dovecot-lmtp], delay=0.09, delays=0.01/0.01/0.01/0.05, dsn=2.0.0, status=sent (250 2.0.0 <goodaddr...@acrasis.net> Y5j2IegVTl9+LAAAjtsq0A Saved)
Sep 1 10:35:36 rolly postfix/qmgr[25533]: 84FB4A0C08: removed

which I interpret as: smtpd-sndmail rejected the mail. smtp-sndmail sent a non-delivery notification which was discarded by bounce-discard (with warnings that I assume do not matter). smtp-sndmail also notified the postmaster.

*** Response to good envelope-from but forged header-from

Sep 1 10:40:41 rolly postfix/pickup[7666]: 23E73A0C18: uid=1000 from=<goodaddr...@acrasis.net>
Sep 1 10:40:41 rolly postfix/cleanup[13599]: 23E73A0C18: message-id=<20200901094041.23e73a0...@mail.acrasis.net>
Sep 1 10:40:41 rolly postfix/qmgr[25533]: 23E73A0C18: from=<goodaddr...@acrasis.net>, size=581, nrcpt=1 (queue active)
Sep 1 10:40:41 rolly smtpd-sndmail/smtpd[13605]: connect from localhost[::1]
Sep 1 10:40:41 rolly smtpd-sndmail/smtpd[13605]: 3B7C3A0BAB: client=localhost[::1]
Sep 1 10:40:41 rolly smtp-sndmaild/cleanup[13606]: 3B7C3A0BAB: hold: header From: badaddress@forged from localhost[::1]; from=<goodaddr...@acrasis.net> to=<goodaddr...@acrasis.net> proto=ESMTP helo=<smtp-sndmail>: Header-from is spoofed.
Sep 1 10:40:41 rolly smtp-sndmaild/cleanup[13606]: 3B7C3A0BAB: message-id=<20200901094041.23e73a0...@mail.acrasis.net>
Sep 1 10:40:41 rolly postfix/smtp[13604]: 23E73A0C18: to=<goodaddr...@acrasis.net>, orig_to=<a...@acrasis.net>, relay=localhost[::1]:2525, delay=0.13, delays=0.06/0.03/0.02/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3B7C3A0BAB)
Sep 1 10:40:41 rolly postfix/qmgr[25533]: 23E73A0C18: removed
Sep 1 10:40:41 rolly smtpd-sndmail/smtpd[13605]: disconnect from localhost[::1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

which I interpret as: smtpd-sndmail accepted the mail, then cleanup-sndmail placed the mail into the hold queue. Nothing was sent.

It's now impossible, I think, for either a local or a submission user to send mail without a valid address in $mydomain in both the envelope- and header-from.

Thanks, comments welcome.

-- 
Nick
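
Added example (not part of the original post or of Postfix): a small Python tracer for the two-hop flow in the logs above. It follows each pickup queue ID through the filter hop on port 2525 and reports whether the message was rejected, held or passed. The sample log is constructed in the format of the logs in the post; the function name and the "passed" and "pending" outcomes are assumptions added for illustration.

```python
import re

# Constructed sample in the log format shown in the post; host, queue IDs
# and addresses are placeholders, not values from the original logs.
SAMPLE_LOG = """\
Sep  1 10:35:36 mx postfix/pickup[7666]: AAAA000001: uid=1000 from=<bad@forged.invalid>
Sep  1 10:35:36 mx postfix/smtp[11382]: AAAA000001: to=<user@example.org>, relay=localhost[::1]:2525, delay=0.12, dsn=5.7.1, status=bounced (host localhost[::1] said: 554 5.7.1 <bad@forged.invalid>: Sender address rejected: bogus domain (in reply to RCPT TO command))
Sep  1 10:40:41 mx postfix/pickup[7666]: BBBB000002: uid=1000 from=<user@example.org>
Sep  1 10:40:41 mx smtp-sndmaild/cleanup[13606]: CCCC000003: hold: header From: bad@forged.invalid from localhost[::1]; from=<user@example.org> to=<user@example.org> proto=ESMTP helo=<smtp-sndmail>: Header-from is spoofed.
Sep  1 10:40:41 mx postfix/smtp[13604]: BBBB000002: to=<user@example.org>, relay=localhost[::1]:2525, delay=0.13, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CCCC000003)
Sep  1 10:45:02 mx postfix/pickup[7666]: DDDD000004: uid=1001 from=<user@example.org>
Sep  1 10:45:02 mx postfix/smtp[13700]: DDDD000004: to=<peer@example.net>, relay=localhost[::1]:2525, delay=0.10, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EEEE000005)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ [\w-]+/(?P<prog>\w+)\[\d+\]: "
                  r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")

def trace_local_submissions(log_text, filter_port=2525):
    """Map each pickup queue ID to (uid, sender, outcome) for the filter hop."""
    submitted, hop, held = {}, {}, set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # NOQUEUE and connect/disconnect lines carry no queue ID
        prog, qid, rest = m.group("prog", "qid", "rest")
        if prog == "pickup":
            p = re.match(r"uid=(\d+) from=<([^>]*)>", rest)
            if p:
                submitted[qid] = (int(p.group(1)), p.group(2))
        elif prog == "cleanup" and rest.startswith("hold:"):
            held.add(qid)  # header_checks hold on the second (filter) pass
        elif prog == "smtp" and f"]:{filter_port}," in rest:
            s = re.search(r"status=(\w+) \((.*)\)$", rest)
            if s:
                q = re.search(r"queued as ([0-9A-F]+)", s.group(2))
                hop[qid] = (s.group(1), q.group(1) if q else None)
    result = {}
    for qid, (uid, sender) in submitted.items():
        status, next_qid = hop.get(qid, ("pending", None))
        if status == "sent":  # accepted by the filter smtpd; was it held after?
            status = "held" if next_qid in held else "passed"
        elif status == "bounced":
            status = "rejected"
        result[qid] = (uid, sender, status)
    return result

if __name__ == "__main__":
    for qid, row in trace_local_submissions(SAMPLE_LOG).items():
        print(qid, *row)
```

The uid from the pickup line identifies which local account submitted a message that was rejected or held, which the smtpd-side log lines alone do not show.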