OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: restricted aliases

From: Chris St Denis (chrissmartt.com)
Date: Mon Sep 22 2008 - 18:32:21 CDT


mouss wrote:
> Chris St Denis wrote:
>> I need to add support for (multi-recipient) aliases that are only
>> able to receive messages from selected users.
>>
>> I was initially looking at mailman or majordomo, however from what I
>> understand of them, they authenticate only on the from address so it
>> looks like it would be easy to forge. (Correct me if this is wrong).
>>
>
> There is no way to prevent strangers from forging straner identities.
> this is not specific to email (If I call you on the phone, I can say
> that I am foo bar, provided you don't know foo bar enough to detect
> the forgery).
>
> you can enforce authentication for _your_ users. you can also refuse
> mail from external servers with a sender in your domain.
>
> so go for a mailing list manager.
>
>> I also thought of smtpd_restriction_classes however that is also
>> subject to easy spoofing and the documentation even says "Postfix
>> restriction classes aren't really the right solution"
>>
>
> There is no way to prevent forgery. all you can do is make it harder
> by requiring a login:password. but even this only reduces risks.
>
>>
>> So I am wondering. What IS a good way to do this. Optimally, I would
>> like to restrict based on the SASL username.
>
> enforce login and sender match. then restrict based on sender.
Looking through the docs it looks like I can use smtpd_sender_login_maps
and smtpd_sender_restrictions with reject_sender_login_mismatch

However I want to apply this only to selected destination addresses and
I'm not sure how to go about this.

Can I use reject_sender_login_mismatch (or something similar) in a
recipient map?

Does smtpd_sender_login_maps have to contain all addresses on the
server, or just the ones I care about?

Optmally, I want to apply reject_sender_login_mismatch only to users
when sending to specific addresses. Reject if the check fails, but not
check for sending to anywhere else.

Dealing with forgeries from the internet isn't a big concern because
incoming mail comes in on a different ip, I can just block all incoming
mail with from: locally hosted domain. It is preventing senders from one
local domain from spoofing another for these restricted aliases that
needs protection.