Loading ...
Sorry, an error occurred while loading the content.

291357Re: Null sender address in NDR's

Expand Messages
  • Robert Schetterer
    Feb 14, 2013
    • 0 Attachment
      Am 14.02.2013 16:36, schrieb James Day:
      > .
      >>> Is there a sensible way to configure postfix to allow these messages
      >>> with null sender addresses to be relayed without opening the smart
      >>> host up to exploitation?
      >>
      >> Sending bounces is not "exploitation", but the "smart host" (really
      >> submission service) policy is up to the ISP. Ask them.
      >
      > I wasn't trying to suggest that sending bounces would be exploitation, rather that allowing *all* messages with a NULL sender to relayed through could potentially be exploited to send spam as <>
      >
      >
      >> NO. Bounces MUST be sent with a null sender address. Otherwise, bounces
      >> would elicit bounces in return creating mail loops, sometimes exponentially
      >> growing, if a message elicits multiple non-delivery reports.
      >
      > Yes I know that and have referred to that point below.
      >
      >> The solution is to use a relay that permits bounces. Either the ISP relaxes
      >> their policies, or a different relay must be found.
      >
      > As I feared, thank you for confirming.
      >
      >>> And before anyone comments, yes I know this isn't best practice as
      >>> NDR's should have null sender addresses to stop loops (bouncing
      >>> bounce-backs!).
      >>
      >> Not "should", MUST. Not "isn't best practice", rather prohibited.
      >>
      >> --
      >> Viktor.
      >
      > I understand and agree however in my experience you sometimes have to fudge things so they operate with incorrectly configured systems (against my own wishes!)
      >
      > James
      >

      looking in my relayhosts for exchange, i see <> is accepted via
      submission tls if sasl auth is done before
      from exchange with reject_sender_login_mismatch ,
      smtpd_sender_login_maps exists, this should be enough for the smarthost
      isp , i only know the problem apearing with i.e static restrict tables
      solution

      Best Regards
      MfG Robert Schetterer

      --
      [*] sys4 AG

      http://sys4.de, +49 (89) 30 90 46 64
      Franziskanerstraße 15, 81669 München

      Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
      Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
      Aufsichtsratsvorsitzender: Joerg Heidrich
    • Show all 13 messages in this topic