With the default "allow_min_user = no", recipients whose addresses begin with '-' are bounced by qmgr. This is to avoid, as Viktor Duchovni puts it, "security issues with naive filters that don't put '--' between sender and recipients."

You might think that smtpd would reject such recipients, but it doesn't; it can't be sure that the leading '-' will still be present after rewriting. In order to "be liberal in what it accepts", smtpd assumes that the result of rewriting will not match /^-/.

Given that the internet is plagued by backscatter, this seems like the wrong assumption to me. In Postfix's default configuration, rewriting does not cure the problem, and a bounce, which might be backscatter, is generated, and smtpd's default stance should reflect this fact.

I propose a new parameter, "smtpd_allow_min_user", defaulting to "no". If people want the current behavior, they can change it to "yes". Or, if we want to really solve the problem, "smtpd_allow_min_user_maps", allowing the user to define the set of addresses which is acceptable despite a leading '-'.

(Another surprising (and therefore undesirable) effect of the current system is that if a rewrite which moves or removes the leading '-' is moved from, say, virtual(5) to generic(5), mail which previously worked will begin bouncing.)

What do people think?

Thanks,
--
Ben Rosengart
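The filter problem quoted in the post above, as an added example that is not part of the original message or of Postfix: `deliver` is a hypothetical stand-in for a sendmail-like command that parses options with getopts, and all addresses are constructed. It shows why a content filter has to put `--` between the sender option and the recipient list.

```shell
#!/bin/sh
# Hypothetical delivery command: accepts -f <sender> and -v, then treats
# every remaining argument as a recipient. Prints what it understood.
deliver() {
    OPTIND=1
    sender=""
    while getopts "f:v" opt; do
        case "$opt" in
            f) sender=$OPTARG ;;
            v) : ;;
            *) echo "error=bad-option"; return 64 ;;
        esac
    done
    shift $((OPTIND - 1))
    echo "sender=$sender rcpts=$#"
}

# Naive filter: recipients follow the options directly, so a recipient
# that starts with '-' is parsed as another option.
naive_filter() {
    s=$1; shift
    deliver -f "$s" "$@"
}

# Careful filter: '--' ends option parsing, so every following argument
# is a recipient no matter what character it starts with.
safe_filter() {
    s=$1; shift
    deliver -f "$s" -- "$@"
}

# Constructed input: the first recipient begins with "-f".
echo "naive: $(naive_filter alice@example.com -foo@example.com bob@example.com)"
echo "safe:  $(safe_filter alice@example.com -foo@example.com bob@example.com)"
```

In the naive call the recipient is consumed as a second `-f`, replacing the envelope sender and dropping one recipient; with `--` both recipients arrive intact.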