
Re: Best way to handle a Delivered-To exploit??

  • Thomas Harold
    Message 1 of 6 , Jun 21, 2013
      On 11/6/2012 12:08 AM, David Rees wrote:
      > On Sun, Nov 4, 2012 at 6:45 PM, Brian Schang <postfix@...> wrote:
      >> In the past week, my server has accepted dozens of emails that were not
      >> deliverable. In all cases the issue has been a mail forwarding loop
      >> which resulted in the email bouncing. Given that my configuration has
      >> not changed in many months, I was puzzled. However, a little research
      >> led me to look into a Delivered-To exploit. I looked at a few of the
      >> messages in the queue (postcat), and sure enough those messages had a
      >> Delivered-To header line.
      >
      > FWIW, I've been seeing the same thing here. First one I saw was on Oct
      > 23, but seems to be increasing in frequency.
      >

      Any suggestions on how to handle this in postfix? We're starting to see
      this with some frequency as well.

      The only solution that I've stumbled across in my web searches is
      documented at:

      http://forum.spamcop.net/forums/index.php?showtopic=10734

      They suggest a "header_checks" of type "pcre" with the following content
      in the file:

      /^Delivered-To: .*/
      REJECT Header Exploit

      But this apparently will also break "forward as attachment" mails unless
      you change something else (and it's not exactly clear, just that
      "nested_header_checks" is involved).
    • Wietse Venema
      Message 2 of 6 , Jun 21, 2013
        Thomas Harold:
        [ Charset ISO-8859-1 unsupported, converting... ]
        > On 11/6/2012 12:08 AM, David Rees wrote:
        > > On Sun, Nov 4, 2012 at 6:45 PM, Brian Schang <postfix@...> wrote:
        > >> In the past week, my server has accepted dozens of emails that were not
        > >> deliverable. In all cases the issue has been a mail forwarding loop
        > >> which resulted in the email bouncing. Given that my configuration has
        > >> not changed in many months, I was puzzled. However, a little research
        > >> led me to look into a Delivered-To exploit. I looked at a few of the
        > >> messages in the queue (postcat), and sure enough those messages had a
        > >> Delivered-To header line.
        > >
        > > FWIW, I've been seeing the same thing here. First one I saw was on Oct
        > > 23, but seems to be increasing in frequency.
        > >
        >
        > Any suggestions on how to handle this in postfix? We're starting to see
        > this with some frequency as well.
        >
        > The only solution that I've stumbled across in my web searches is
        > documented at:
        >
        > http://forum.spamcop.net/forums/index.php?showtopic=10734
        >
        > They suggest a "header_checks" of type "pcre" with the following content
        > in the file:
        >
        > /^Delivered-To: .*/
        > REJECT Header Exploit

        First, there is no need to block Delivered-To: addresses with remote
        domain names.

        Second, blocking local Delivered-To: addresses this way would suffer
        from false positives when multiple users have the same email domain.

        To avoid those false positives one would have to compare each
        envelope recipient address against each Delivered-To: address in
        the message header.

        Wietse
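
The comparison described at the end of the message above, as an added example that is not part of the original thread and is not Postfix code: a Python sketch that checks each envelope recipient against each top-level Delivered-To: address. The function names, the sample messages and the case-insensitive comparison are assumptions of this example.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: forged top-level Delivered-To: naming a local user.
FORGED = (
    "Delivered-To: alice@example.com\n"
    "From: sender@example.net\n"
    "To: alice@example.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

# Constructed sample: a mail forwarded as an attachment; the Delivered-To:
# line belongs to the attached message, not to the outer header.
FORWARDED = (
    "From: carol@example.com\n"
    "To: bob@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: message/rfc822\n"
    "\n"
    "Delivered-To: bob@example.com\n"
    "From: sender@example.net\n"
    "Subject: original\n"
    "\n"
    "original body\n"
    "--b1--\n"
)


def normalize(addr):
    # Assumption of this sketch: whole addresses compare case-insensitively.
    return addr.strip().strip("<>").lower()


def delivered_to_addresses(raw_message):
    """Addresses named in the outer (top-level) Delivered-To: headers only."""
    msg = message_from_string(raw_message)
    values = msg.get_all("Delivered-To", [])
    return {normalize(a) for _, a in getaddresses(values) if a}


def loop_recipients(envelope_rcpts, raw_message):
    """Envelope recipients that already appear in a Delivered-To: header."""
    seen = delivered_to_addresses(raw_message)
    return sorted(r for r in map(normalize, envelope_rcpts) if r in seen)
```

A second user in the same domain is not flagged, and neither is the forwarded-as-attachment sample, because only the outer header is read.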