291357 Re: Null sender address in NDR's
- Feb 14, 2013
On 14.02.2013 16:36, James Day wrote:
> .looking in my relayhosts for exchange, i see <> is accepted via
>>> Is there a sensible way to configure postfix to allow these messages
>>> with null sender addresses to be relayed without opening the smart
>>> host up to exploitation?
>> Sending bounces is not "exploitation", but the "smart host" (really
>> submission service) policy is up to the ISP. Ask them.
> I wasn't trying to suggest that sending bounces would be exploitation, rather that allowing *all* messages with a NULL sender to be relayed through could potentially be exploited to send spam as <>
>> NO. Bounces MUST be sent with a null sender address. Otherwise, bounces
>> would elicit bounces in return creating mail loops, sometimes exponentially
>> growing, if a message elicits multiple non-delivery reports.
> Yes I know that and have referred to that point below.
>> The solution is to use a relay that permits bounces. Either the ISP relaxes
>> their policies, or a different relay must be found.
> As I feared, thank you for confirming.
>>> And before anyone comments, yes I know this isn't best practice as
>>> NDR's should have null sender addresses to stop loops (bouncing
>> Not "should", MUST. Not "isn't best practice", rather prohibited.
> I understand and agree, however in my experience you sometimes have to fudge things so they operate with incorrectly configured systems (against my own wishes!)
submission tls if sasl auth is done before
from exchange with reject_sender_login_mismatch,
smtpd_sender_login_maps exists, this should be enough for the smarthost
isp, I only know the problem appearing with i.e. static restrict tables
Best regards, Robert Schetterer
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
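
A sketch of the setup the reply above describes, as an added example that is not from the original post or from the poster's own configuration: the relay takes mail from the Exchange server only over the TLS-protected submission port after SASL authentication, which the reply reports is enough for `<>` to be accepted, instead of permitting the null sender through a static access table. The file paths, the login name `exchange-relay` and the domain `example.com` are assumptions.

```conf
# /etc/postfix/master.cf -- submission service (port 587) on the smart host
submission inet n       -       n       -       -       smtpd
  # Require STARTTLS, and only offer AUTH once TLS is active
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  # Map of which SASL login owns which MAIL FROM address (assumed path)
  -o smtpd_sender_login_maps=hash:/etc/postfix/sender_login
  # Mismatched senders are rejected, authenticated clients may relay,
  # everything else on this port is refused
  -o smtpd_recipient_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject

# /etc/postfix/sender_login (assumed path; run "postmap" on it after editing)
# MAIL FROM address or domain    SASL login allowed to use it
@example.com                     exchange-relay

# Weak alternative to avoid: a static check_sender_access table that
# permits the null sender for every client, authenticated or not.
# /etc/postfix/sender_access (assumed path)
# <>      OK
```

With this layout the relay permission hangs on the authenticated login rather than on the envelope sender, so the concern quoted above about anyone sending as `<>` applies only to holders of the `exchange-relay` credentials.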