Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable VRFY command in Postfix command #722

Merged
merged 1 commit into from May 17, 2019

Conversation

Projects
None yet
2 participants
@Josue-T
Copy link
Contributor

commented May 10, 2019

The problem

Some server scan on internet each mail server and try to detect the email adress. After the email adress is found some spam are send.

The result is by example this : https://forum.yunohost.org/t/usage-frauduleux-de-ma-boite-mail/7540/4

Solution

Block the VRFY command in Postfix wich give the possibility to do that on the server.

PR Status

Tested and it work. But need to be tested more deeply. By example if it break something.

How to test

Enable the option disable_vrfy_command in the main postfix config.
Launch this:

# nc localhost 25
220 domain.tld Service ready
VRFY email@domain.tld
502 5.5.1 VRFY command is disabled

Validation

  • Principle agreement 0/2 :
  • Quick review 0/1 :
  • Simple test 0/1 :
  • Deep review 0/1 :

@alexAubin alexAubin added this to the 3.6.x milestone May 10, 2019

@alexAubin
Copy link
Member

left a comment

LGTM 👍

Asked to a friend who's a mail expert :

VRFY n'est normalement plus utilisé depuis longtemps (ça permet une attaque d'énumération des adresses par des spammers)

@alexAubin

This comment has been minimized.

Copy link
Member

commented May 14, 2019

Merging soon™

@alexAubin alexAubin merged commit f49b74f into stretch-unstable May 17, 2019

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@alexAubin alexAubin deleted the disable_vrfy_command_postfix branch May 17, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.