|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Sean Kennedy (skennedy
geekdom.vcn.com)
Date: Wed May 02 2007 - 10:04:37 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hey,
Yes by aliased domain I mean rewriting it like "example.com example.net" in the virtual_alias_maps table. So instead of rewriting the domain like that, I'm going to have to add each address to the virtual_alias_maps in order to get the recipient *validation* working?
Thanks,
Sean Kennedy
> -----Original Message-----
> From: owner-postfix-userspostfix.org
> [mailto:owner-postfix-userspostfix.org] On Behalf Of Magnus Bäck
> Sent: Tuesday, May 01, 2007 10:27 PM
> To: postfix-userspostfix.org
> Subject: Re: Aliased domains bypass address verification
>
> On Wednesday, May 02, 2007 at 01:09 CEST,
> Sean Kennedy <skennedygeekdom.vcn.com> wrote:
>
> > I am running Postfix 2.3.3. I do recipient address
> verification with
> > relay_recipient_maps that hooks up to an LDAP database. It
> recently
> > came to my attention that aliased addresses aren't
> canonicalized and
> > passed through relay_recipient_maps. So right now, anyone
> can send to
> > a bogus usersomealiaseddomain.com and it would be accepted.
>
> What do you mean by aliased domain? Wildcard rewriting like
>
> example.com example.net
>
> perhaps? Those do indeed break recipient validation and must
> not be used.
>
> > Would adding all the aliases to my LDAP database then hooking that
> > into virtual_alias_maps work? Is there any easier, perhaps more
> > elegant way to do recipient verification on addresses that
> are aliases?
>
> ITYM recipient validation. Recipient verification is something else.
>
> --
> Magnus Bäck
> magnusdsek.lth.se
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]