Re: Increasing Internal security

2019-05-28 Thread Dusan Obradovic
An "empty domain" sender usually refers to a mail address without domain information, f.e. rather than a null sender <>. See append_at_myorigin (default: yes) configuration parameter. > On May 15, 2019, at 6:24 PM, Peter Fraser wrote: > > Hi All > We had an auditor to an internal pentest f

Re: Increasing Internal security

2019-05-15 Thread Viktor Dukhovni
> On May 15, 2019, at 1:29 PM, Peter Fraser wrote: > > I believe what happened is the testing software they used tried to send an > email out using an empty domain and Postfix accepted it. I did it manually to > verify from the commandline > MAIL FROM: <> > RCPT TO: an email address > DATA > Bl

Re: Increasing Internal security

2019-05-15 Thread Wietse Venema
Peter Fraser: > I believe what happened is the testing software they used tried to send an > email out using an empty domain and Postfix accepted it. I did it manually to > verify from the commandline > MAIL FROM: <> > RCPT TO: an email address > DATA > Blablabla > . > Postfix queued up this emai

Re: Increasing Internal security

2019-05-15 Thread Wietse Venema
Peter Fraser: > Hi All > We had an auditor to an internal pentest for our network. The > result for our Postfix box was (My Words) Although your SMTP server > prevents relay in some circumstances, it still allows email from > an empty domain. I am aware that the empty domain <> is needed for > boun

Re: Increasing Internal security

2019-05-15 Thread Noel Jones
On 5/15/2019 12:29 PM, Peter Fraser wrote: I believe what happened is the testing software they used tried to send an email out using an empty domain and Postfix accepted it. I did it manually to verify from the commandline MAIL FROM: <> RCPT TO: an email address DATA Blablabla . Postfix

RE: Increasing Internal security

2019-05-15 Thread Peter Fraser
rds SI From: Noel Jones Sent: Wednesday, May 15, 2019 12:26 PM To: postfix-users@postfix.org Subject: Re: Increasing Internal security On 5/15/2019 11:24 AM, Peter Fraser wrote: > Hi All > > We had an auditor to an internal pentest for our network. The result > for our Postfix

Re: Increasing Internal security

2019-05-15 Thread Noel Jones
On 5/15/2019 11:24 AM, Peter Fraser wrote: Hi All We had an auditor to an internal pentest for our network. The result for our Postfix box was (My Words) Although your SMTP server prevents relay in some circumstances, it still allows email from an empty domain. I am aware that the empty domai

Increasing Internal security

2019-05-15 Thread Peter Fraser
Hi All We had an auditor to an internal pentest for our network. The result for our Postfix box was (My Words) Although your SMTP server prevents relay in some circumstances, it still allows email from an empty domain. I am aware that the empty domain <> is needed for bounce messages. Is there a