Loading ...
Sorry, an error occurred while loading the content.

Force matching envelop MAIL FROM and "From" header

Expand Messages
  • lst_hoe02@kwsoft.de
    Hello is it possible to force a matching From header in the mail if reject_sender_login_mismatch is used so the From header is the same as the checked MAIL
    Message 1 of 4 , Dec 2, 2009
    • 0 Attachment
      Hello

      is it possible to force a matching "From" header in the mail if
      reject_sender_login_mismatch is used so the "From" header is the same
      as the checked MAIL FROM address? The goal is to prevent spoofing of
      the "From" header for SASL authenticated clients.

      Many Thanks

      Andreas
    • Wietse Venema
      ... Yes, but only with external software (Milter or content filter). Wietse
      Message 2 of 4 , Dec 2, 2009
      • 0 Attachment
        lst_hoe02@...:
        > Hello
        >
        > is it possible to force a matching "From" header in the mail if
        > reject_sender_login_mismatch is used so the "From" header is the same
        > as the checked MAIL FROM address? The goal is to prevent spoofing of
        > the "From" header for SASL authenticated clients.

        Yes, but only with external software (Milter or content filter).

        Wietse
      • lst_hoe02@kwsoft.de
        ... That s what i was afraid of. My idea was to use header-checks to drop the From: header and let it add from cleanup again but
        Message 3 of 4 , Dec 2, 2009
        • 0 Attachment
          Zitat von Wietse Venema <wietse@...>:

          > lst_hoe02@...:
          >> Hello
          >>
          >> is it possible to force a matching "From" header in the mail if
          >> reject_sender_login_mismatch is used so the "From" header is the same
          >> as the checked MAIL FROM address? The goal is to prevent spoofing of
          >> the "From" header for SASL authenticated clients.
          >
          > Yes, but only with external software (Milter or content filter).
          >
          > Wietse


          That's what i was afraid of. My idea was to use header-checks to drop
          the "From:" header and let it add from cleanup again but
          http://www.postfix.org/header_checks.5.html says

          Message headers added by the cleanup(8) daemon itself are
          excluded from inspection. Examples of such message headers
          are From:, To:, Message-ID:, Date:.

          :-(


          Regards

          Andreas
        • Noel Jones
          ... Yes, that will work -- ugly, but it will work. You ll need to use the submission port with it s own header_checks (via it s own cleanup service) since
          Message 4 of 4 , Dec 2, 2009
          • 0 Attachment
            On 12/2/2009 7:34 AM, lst_hoe02@... wrote:
            > Zitat von Wietse Venema <wietse@...>:
            >
            >> lst_hoe02@...:
            >>> Hello
            >>>
            >>> is it possible to force a matching "From" header in the mail if
            >>> reject_sender_login_mismatch is used so the "From" header is the same
            >>> as the checked MAIL FROM address? The goal is to prevent spoofing of
            >>> the "From" header for SASL authenticated clients.
            >>
            >> Yes, but only with external software (Milter or content filter).
            >>
            >> Wietse
            >
            >
            > That's what i was afraid of. My idea was to use header-checks to drop
            > the "From:" header and let it add from cleanup again but

            Yes, that will work -- ugly, but it will work. You'll need to
            use the submission port with it's own header_checks (via it's
            own cleanup service) since header_checks can't tell by itself
            if the user has authenticated. Note the From: header added by
            cleanup will contain only the envelope address.

            > http://www.postfix.org/header_checks.5.html says
            >
            > Message headers added by the cleanup(8) daemon itself are
            > excluded from inspection. Examples of such message headers
            > are From:, To:, Message-ID:, Date:.

            That refers to a missing header that has been added to the
            current message by cleanup, not a pre-existing header with the
            same name.

            >
            > :-(
            >

            :-)

            -- Noel Jones
          Your message has been successfully submitted and would be delivered to recipients shortly.