Re: pcre .* in local_recipient_maps security question

From: Arndt Roth (arndt.rothidmedia.com)
Date: Tue Jan 24 2006 - 08:32:54 CST


mouss <usebsdfree.fr>
24.01.2006 13:31

To
Arndt Roth <arndt.rothidmedia.com>
cc
postfix-userspostfix.org
Subject
Re: pcre .* in local_recipient_maps security question

Arndt Roth wrote:
> hi everybody,
> we run two postfix mailrelays here and they never troubled us so far.
> That's really great.
> Now I'd like to have your opinions/advice on the following task I'd have
> to implement:
> For testing our developers needed e-mail addresses like
> testuser_XXmydomain
> I implemented that with a PCRE for local_recipient_maps:
> /^testuser_(..)mydomain$/ OK
> Now they want me to extend the PCRE to the wildcard "*" to be able to use
> testuser_WHATEVER-THEY-NEED-IN-HEREmydomain
> I really feel uncomfortable to change the PCRE to:
> /^testuser_(.*)mydomain$/ OK
>
> a) Wouldn't this be a security risk?

If all these addresses are to be accepted, why not use virtual aliases
instead? (you're not going to create a mailbox for every such address,
are you? If local_transport is really local, where would postfix get the
uid and home dir of these?).

No, the e-mails are passed to a groupware that accepts testuser_* and
puts all of that into one database where different users have access to.

> And should I try to change the "*" to
> not allow a "" ?

you may. whether you should depends on your setup. postfix itself handles
this safely. see the rewrite readme.

Well, I'm sure Postfix handles that as safely as possible, but I can't
find this in http://www.postfix.org/ADDRESS_REWRITING_README.html

> (I tested this as positive with: postmap -fq "testuser_something
> someusersomedomain anotheruseranotherdomain usermydomain"
> pcre:/mypcre )
>
> b) How long could the maximum expression be ? Is that limited by a maximum
> in local_recipient_maps?
>

Since these are your addresses, you should follow the limitation in RFC
2821 (Section 4.5.3.1):
----------
local-part
      The maximum total length of a user name or other local-part is 64
      characters.
----------

OK. I decided to do this:

/^testuser_([_-a-zA-Z0-9]{0,55})mydomain\.com$/ OK

It solves nested "" or other unwanted characters and does the RFC
recommended 64-length of the local-part.

It is also wise to make these addresses "local_only" if possible (they
should not talk to the internet. or at least not to all the internet).

Haven't got that option really, because the testmails come from a host
in the internet. I know the IP though. Is there a simple way to limit
the receiving of these testuser-emails to that IP, without affecting all
other recipients, mynetworks or mydomain?

Thank you very much for pointing me in the right direction,

 Arndt Roth
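
The recipient patterns discussed in this thread, checked against constructed sample addresses. This is an added example, not part of the original mail or of Postfix: it uses Python's `re` module as a stand-in for a Postfix `pcre:` table, assumes the archive stripped the "@" from every address (restored here), and the pattern names are labels invented for the example. It shows what the `.*` wildcard lets through and how the posted character class is parsed, since a hyphen between `_` and `a` forms a range.

```python
import re

# Assumption: the archive stripped "@" from every address on this page, so the
# patterns below restore it. Pattern names are labels chosen for this example.
DOMAIN = r"@mydomain\.com$"
PATTERNS = {
    # The wildcard the developers asked for.
    "wildcard": re.compile(r"^testuser_(.*)" + DOMAIN),
    # Character class exactly as posted: "_-a" is parsed as a range
    # (underscore, backtick, a); the following "-" and "z" are then literals,
    # so lowercase b..y are NOT in the class.
    "as_posted": re.compile(r"^testuser_([_-a-zA-Z0-9]{0,55})" + DOMAIN),
    # Same idea with the hyphen moved last so it cannot form a range.
    "hyphen_last": re.compile(r"^testuser_([_a-zA-Z0-9-]{0,55})" + DOMAIN),
}

# Constructed sample recipients, not taken from any real log.
SAMPLES = [
    "testuser_QA7@mydomain.com",              # plain suffix
    "testuser_build-42@mydomain.com",         # lowercase letters and a hyphen
    "testuser_x@other.example@mydomain.com",  # nested "@" in the local part
    "testuser_A`Z@mydomain.com",              # backtick falls inside "_-a"
    "testuser_" + "A" * 56 + "@mydomain.com", # local part of 65 characters
]


def accepted_by(address):
    """Return the names of the patterns that would answer OK for address."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(address))


if __name__ == "__main__":
    for addr in SAMPLES:
        shown = addr if len(addr) < 42 else addr[:36] + "..."
        print(f"{shown:42} -> {accepted_by(addr)}")
```

"testuser_" is 9 characters, so the `{0,55}` bound caps the local part at the 64 characters quoted from RFC 2821.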