On 2020-09-01 19:45 BST, Viktor Dukhovni wrote:
> I hope you also saw my note re various legitimate use-cases for
> "unexpected" "From:" addresses in local submission.
I did, thank you. I don't think those cases apply to me (no vacation
replies and no forwarding here).
> > smtp-sndmail
> > unix - - y - - smtp
> > -o { inet_interfaces = }
> > -o { myhostname = smtp-sndmail }
> > -o { bounce_service_name = bounce-discard }
>
> Setting the bounce service here does not work the way you'd expect.
But - it does! It stops the bounce going out. Is there some bad
consequence lurking that will later bring me trouble?
> > # This is shared with the submission service.
> > cleanup-outbound
> > unix n - y - 0 cleanup
> > -o header_checks=regexp:/etc/postfix/header-checks-outbound
> > -o mime_header_checks=
> > -o nested_header_checks=
> > -o syslog_name=smtp-sndmaild
> > -o bounce_service_name=bounce-discard
>
> See above, this does not work.
(I've since removed '-o bounce_service_name=...', it doesn't seem to
matter here.) Again, it works well enough for me - a mail with a forged
header-from goes into the hold queue and nowhere else.
> > # Discards non-delivery notifications so they can't go to forged addresses.
> > bounce-discard
> > unix - - y - 0 discard
> > -o syslog_name=bounce-discard
>
> This is really broken. The bounce(8) service is an internal component
> that is NOT a delivery agent. It does not speak the same protocol as
> discard(8) which is a delivery agent.
>
> > Sep 1 10:35:36 rolly bounce-discard/discard[11387]: warning: unexpected
> > attribute nrequest from bounce-discard socket (expecting: flags)
> > Sep 1 10:35:36 rolly bounce-discard/discard[11387]: warning:
> > deliver_request_get: error receiving common attributes
>
> These are symptoms of the breakage.
Breakage is kind of what I want, in that it prevents bounces to forged
sender addresses (and assuming it isn't storing up trouble I'm not yet
aware of).
> If you want to prevent bounces from leaking out to forged sender
> addresses you need to accept and discard messages, rather than reject
> them.
I have to ask the stupid question - why? Since "bounce-discard" is
working for me in practise, so far, and rejection triggers a
notification to postmaster. Please elaborate? Thank you for your
comments.
--
Nick
