Security problem Postfix

Hello Everyone

I found a security problem in the default configuration of postifix, when you have multiple email accounts on my server.

I take a small example to better explain: I have two email bar@domain.tld and foo@domain.tld.
If I connect via telnet and execute these commands:

telnet myserver.ip 25 helo domain.tld mail from: bar@domain.tld rcpt to: foo@domain.tld data Subject: This is a Subject This is a text email . quit

The message is sent to foo@domain.tld, of course email can be sent via telnet only to the domains created in my server.

How can I fix this?

Thank you in advance for your support!

Mmh, what exactly would be the problem you see here? The fact that you can use your own domain as sender without login, when the recipient is in your domain?

While I wouldn’t consider this an actual “security problem”, since the sender entry of a mail can be faked in many ways and thus can’t really be trusted in any case (except the mail is PGP-signed or similar), you can probably prevent Postfix from accepting such mails using the “reject_sender_login_mismatch” and “sender_login_maps” directives.

http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch

I haven’t tested this though, so can’t really tell if it does what you need. :slight_smile: But the explanation in the documentation sounds like it should.

Yes, it works. I tested it a while ago:

https://www.virtualmin.com/node/16491#comment-73151

Hey helpmin, good to know! And holy cr*p, has it really been two years already since I joined this forum? God, time flies.

Hmm, checking the documentation for this directive again, I think it might be too harsh a restriction. Also, it doesn’t apply when using a non-existing local email address.

In my case, I want authenticated users to be able to use any sender address they want. This is no longer possible when applying “reject_sender_login_mismatch”, since it works in both directions: When a MAIL FROM in the virtual map is used, it must match the logged in user, AND, when a user is logged in, they can only use MAIL FROM as per virtual map.

For me, the first half is okay; the second one is not.