Aliased domains bypass address verification

From: Sean Kennedy (skennedygeekdom.vcn.com)
Date: Tue May 01 2007 - 18:09:24 CDT


Hello,

I am running Postfix 2.3.3. I do recipient address verification with
relay_recipient_maps that hooks up to an LDAP database. It recently
came to my attention that aliased addresses aren't canonicalized and
passed through relay_recipient_maps. So right now, anyone can send to a
bogus user@somealiaseddomain.com and it would be accepted.

Would adding all the aliases to my LDAP database then hooking that into
virtual_alias_maps work? Is there any easier, perhaps more elegant way
to do recipient verification on addresses that are aliases?

Sean Kennedy