Re: Best way to handle a Delivered-To exploit??
- Thomas Harold:
> On 11/6/2012 12:08 AM, David Rees wrote:
> > On Sun, Nov 4, 2012 at 6:45 PM, Brian Schang <postfix@...> wrote:
> >> In the past week, my server has accepted dozens of emails that were not
> >> deliverable. In all cases the issue has been a mail forwarding loop
> >> which resulted in the email bouncing. Given that my configuration has
> >> not changed in many months, I was puzzled. However, a little research
> >> led me to look into a Delivered-To exploit. I looked at a few of the
> >> messages in the queue (postcat), and sure enough those messages had a
> >> Delivered-To header line.
> > FWIW, I've been seeing the same thing here. First one I saw was on Oct
> > 23, but seems to be increasing in frequency.
> Any suggestions on how to handle this in postfix? We're starting to see
> this with some frequency as well.
> The only solution that I've stumbled across in my web searches is
> documented at:
> They suggest a "header_checks" of type "pcre" with the following content
> in the file:
> /^Delivered-To: .*/
> REJECT Header Exploit

First, there is no need to block Delivered-To: addresses with remote

Second, blocking local Delivered-To: addresses this way would suffer
from false positives when multiple users have the same email domain.
To avoid those false positives one would have to compare each
envelope recipient address against each Delivered-To: address in
the message header.
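
The comparison described in the reply above, as an added example that is not part of the original post and not Postfix code: it flags a message only when an envelope recipient already appears in a Delivered-To: header, and contrasts that with the blanket pattern quoted earlier. The function names and the example.com sample messages are constructed for illustration, and lower-casing whole addresses is a simplifying assumption.

```python
from email import message_from_bytes
from email.utils import parseaddr


def normalize(addr):
    """Bare address, lower-cased (assumption: case-insensitive matching)."""
    return parseaddr(addr)[1].strip().lower()


def delivered_to_addresses(raw_message):
    """Addresses found in every Delivered-To: header of the message."""
    msg = message_from_bytes(raw_message)
    found = {normalize(value) for value in msg.get_all("Delivered-To", [])}
    return found - {""}


def looping_recipients(raw_message, envelope_rcpts):
    """Envelope recipients the header already lists as delivered to."""
    seen = delivered_to_addresses(raw_message)
    return sorted(r for r in map(normalize, envelope_rcpts) if r in seen)


def blanket_rule_matches(raw_message):
    """Models the quoted /^Delivered-To: .*/ pattern: any such header matches."""
    return message_from_bytes(raw_message).get_all("Delivered-To") is not None


# Constructed sample: alice@example.com forwards to bob@example.com (same
# domain), so the message legitimately carries alice's Delivered-To: header.
FORWARDED = (b"Delivered-To: alice@example.com\r\n"
             b"From: sender@example.net\r\n"
             b"Subject: forwarded\r\n\r\nbody\r\n")

# Constructed sample: the sender pre-set Delivered-To: to the recipient's
# own address, which is what makes delivery fail as a forwarding loop.
FORGED = (b"Delivered-To: <Bob@Example.COM>\r\n"
          b"From: sender@example.net\r\n"
          b"Subject: forged\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for name, raw in (("forwarded", FORWARDED), ("forged", FORGED)):
        print(name,
              "blanket rule:", blanket_rule_matches(raw),
              "looping recipients:", looping_recipients(raw, ["bob@example.com"]))
```

Both samples trip the blanket pattern, but only the forged one has an envelope recipient that matches its own Delivered-To: header.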