 

Re: using the character @ in the local part

  • Michael Blessenohl
    Message 1 of 31 , Jan 3, 2013
      Thanks a lot for the help. There is no firewall messing with SMTP
      in between. With both options

      resolve_dequoted_address = no
      allow_untrusted_routing = yes

      it finally works. Because I don't have a backup MX, this set-up should
      be fairly safe to use.


      On 03.01.2013 22:08, Wietse Venema wrote:
      > Michael Blessenohl:
      >> I'm sorry, I'll try not to use my smartphone again to answer mails from
      >> this list.
      >>
      >> I meant using a remote machine as client to connect to the postfix server
      >> as opposed to connecting to the machine itself. I don't know why it does
      >> matter, but apparently it does. Using the hostname, IP or localhost
      >> makes no difference at all. That's the same for me.
      > You may want to look into the following parameter.
      >
      > allow_untrusted_routing (default: no)
      > Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
      > from untrusted clients to destinations matching $relay_domains.
      >
      > By default, this feature is turned off. This closes a nasty
      > open relay loophole where a backup MX host can be tricked
      > into forwarding junk mail to a primary MX host which then spams
      > it out to the world.
      >
      > Postfix flags an address with @ in the local-part as an address
      > with sender-specified routing, regardless of whether it is quoted.
      >
      > Postfix will not relay such an address unless the above safety
      > feature is turned off.
      >
      > Wietse
    • Wietse Venema
      Message 31 of 31 , Jan 4, 2013
        Michael Blessenohl:
        > The security issue is, as far as I understand, that a backup MX uses an
        > @ in the local part for internal purposes. Which, in theory, can be
        > exploited to use the server as open relay. As long as I don't use a
        > backup MX, I don't have an open relay and everything is fine, isn't it?

        Come on, don't be so naive. The backup MX scenario is an EXAMPLE
        of how @ in local-part can result in trouble. The same problem may
        happen in ANY piece of software that makes decisions based on the content
        of an email address.

        Wietse
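
An added example, not part of the original thread and not Postfix code: a Python check that approximates the rule quoted above (an `@`, `%` or `!` in the local part counts as sender-specified routing, whether or not it is quoted) and applies it to recipient addresses in log lines. The function names, the `to=<...>` extraction pattern and the sample log lines are constructed for illustration.

```python
import re

ROUTING_CHARS = set("@%!")           # operators from user[@%!]remote[@%!]site
RCPT_RE = re.compile(r"to=<([^>]*)>")

def split_address(addr):
    """Split at the last '@' that is neither quoted nor backslash-escaped."""
    in_quotes = escaped = False
    last_at = -1
    for i, ch in enumerate(addr):
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            last_at = i
    if last_at < 0:
        return addr, ""
    return addr[:last_at], addr[last_at + 1:]

def dequote(local):
    """Strip surrounding double quotes and backslash escapes from a local part."""
    if len(local) >= 2 and local[0] == '"' and local[-1] == '"':
        local = local[1:-1]
    return re.sub(r"\\(.)", r"\1", local)

def has_sender_specified_routing(addr):
    """True if the dequoted local part contains a routing operator."""
    local, _domain = split_address(addr.strip("<>"))
    return any(ch in ROUTING_CHARS for ch in dequote(local))

def flag_recipients(lines):
    """Return recipient addresses in log lines that carry routing in the local part."""
    found = (m.group(1) for line in lines for m in RCPT_RE.finditer(line))
    return [addr for addr in found if has_sender_specified_routing(addr)]

# Constructed sample lines, loosely shaped like mail log entries.
SAMPLE_LOG = [
    'mx postfix/smtp[1001]: A1: to=<alice@example.com>, status=sent',
    'mx postfix/smtp[1002]: A2: to=<"user@remote.example"@relay.example>, status=sent',
    'mx postfix/smtp[1003]: A3: to=<user%remote.example@relay.example>, status=sent',
    'mx postfix/smtp[1004]: A4: to=<"john smith"@example.com>, status=sent',
]

if __name__ == "__main__":
    for addr in flag_recipients(SAMPLE_LOG):
        print("sender-specified routing in local part:", addr)
```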