-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added reject_authenticated_sender_login_mismatch #872
Added reject_authenticated_sender_login_mismatch #872
Conversation
@17Halbe looks good! |
@17Halbe Thank you! @johansmitsnl It is working for LDAP. |
Yes I don't see a reason why this shouldn't be working with ldap. |
And for the aliases? |
Yes, as I said, if root@mailserver.com trys to send an email as (his alias) postmaster@mailserver.com, it would fail. Receiving mails for your alias of course is not a problem. In my opinion the behaviour of not allowing someone to send a mail with a spoofed address (even non existing ones) should be default. If someone would need to send an email via an alias, they should actually consider setting this account up as a regular one. IMHO that's not what aliases are for. I always considered them as more restrictive "catch-all" addresses. |
I'm still thinking about this. we could probably work around the alias problem if you consider it neccessary. But in that case we would have to add every normal address to the virtual (alias) file as well. |
@17Halbe in my personal setup I use on the iPhone mail app and there I have setup some aliasses so that I can email with the same account back but maintain the alias in the reply. |
Ok, we then need a setup differenciating between ldap and the standard setup. |
I don't use it but if you can include them yes. |
We have set up our servers internally to send reports from servername@domain.com so the source of the report can easily be identified. All these severs are not set up to receive mail, so they do not have valid accounts in the email system. If suddenly all those reports started being rejected, that would be a problem. If you do decide to make changes like this, please do NOT make them default, and be sure to add a well documented control such as an env variable to allow users to choose which behavior they wish.
Regards,
:D
…Sent from my iPhone
On Mar 4, 2018, at 12:05 PM, Johan Smits ***@***.***> wrote:
I don't use it but if you can include them yes.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Just to clarify, this PR is just denying a logged in(!) user to send mails with another than his account address or (going to be implemented) his alias addresses. |
We have not gotten emails to be sent without logging in a user with smtp. We are currently using a test user login (the same login for multiple servers) as a work around until we are able to determine why our servers can’t simply deliver unauthenticated on port 25 to a local user. While this isn’t a preferred long term solution, I would not like to see this work around permanently denied in the future. We should at least implement an env variable to control this behaviour.
:D
…Sent from my iPhone
On Mar 4, 2018, at 1:56 PM, 17Halbe ***@***.***> wrote:
Just to clarify, this PR is just denying a logged in(!) user to send mails with another than his account address or (going to be implemented) his alias addresses.
Would this work for your setup?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
…ssing documentation for TLS_LEVEL
So I introduced a new env variable, which default value is deactivating reject_authenticated_sender_login_mismatch. For a new upcoming release in the hopefully upcoming release channel system I would suggest to implement reject_authenticated_sender_login_mismatch as a default. It's really easy to delete out of main.cf if one really needs to work around it. Tested ldap implementation only in the test.bats. Can someone please check if this would work with an alias in ldap. I just copy pasted the ldap config from #825
Does that look correct? |
Nevermind. Just reverted the ldap lookup to the already existing tables and added test for aliases as well. This should now be a safe ldap implementation! |
This looks very good! Waiting for @tomav to let me know when the release branches are setup to I can merge it. |
So if you're going to merge this to a new release I would suggest switching the default to enable SPOOF_PROTECTION. This PR can be merged without changing the current behaviour at all. It's disabled by default. You have to set SPOOF_PROTECTION to 1 to make it work. What about merging it now and I'll provide a PR for the new release to make spoof protection the default setting? |
@17Halbe thats a good idea. Merged it so you can provide a new PR once the branching is done. |
Good work on this @17Halbe! |
Kudos to @TechnicLab who had the idea and found that "undesired behaviour"
This will deny authorized clients to send with a different than their owned mail-address.
So there remain some considerations:
See also #825
partially solves #524