Re: Local address faked by remote user

• Previous message: Ralf Hildebrandt: "Re: mail relay via isp"
• Next in thread: Danny Yee: "Re: Local address faked by remote user"
• Maybe reply: Danny Yee: "Re: Local address faked by remote user"
• Maybe reply: Rod Dorman: "Re: Local address faked by remote user"
• Maybe reply: Danny Yee: "Re: Local address faked by remote user"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Martin White wrote:
>
> ----- Original Message ----- From: "Wietse Venema" <>
> To: "Postfix users" <>
> Sent: Tuesday, May 31, 2005 5:44 PM
> Subject: Re: Local address faked by remote user
>
>
>> Martin White:
>>
>>> Just had a remote (un-authorised) user send a email locally. Now they
>>> could
>>> only send it to another local user, but it contained an attachment which
>>> could have potentially been a virus. Is there someway to prevent this
>>> sort
>>> of thing, i.e. ensure that mail from a @mgw.org.uk user only comes from
>>> someone on my local subnet or via a SASL authenticated user only?
>>
>>
>> Your posting says it was from Martin White, but it was sent to me
>> by the list server machine that handles postfix-users email.
>>
>> Should such mail be rejected?
>
>
> Obviously not. But isn't that different to when a malicious remote user
> telnets (or whatever) to the SMTP port on my server and pretends to be a
> user within the mgw.org.uk domain? Now while they can't send email to
> the big wide world, they could confuse a local user, or worse,
> especially if it looks like the email originates from an important user
> (administrator in this case).
>

This has been discussed so many times on the list. Let me summarise:

[1. rationale]
he guys that designed internet mail have never required the sender
address to match its client, nor to "mismatch the server domain". an
email transaction is formally defined as:
        client -> recipient
all the rest is meta-data, be it the sender address, the headers, the
body or transaction options/behaviour.

[2. would cause problems]
if you block mail from your domain, then you'll block legitimately
forwarded mail (for more infos, look at critics on spf and look for srs,
this won't be repeated here), and cause legitimate MTAs to do more work.
For now, there is no BL to "punish" you, but my feeling is that this
will come soon.

[3. still not convinced?]
  now, if you really want to go that way, use a check_sender_address
after permit_mynetwork/permit_sasl_.../ where you reject senders from
your domain. but you've been warned.

But you say the attachments could be infected. the only answer is to
block attachments you don't want and to use an anti-virus. relying on
the sender address is of no help.

• Previous message: Ralf Hildebrandt: "Re: mail relay via isp"
• Next in thread: Danny Yee: "Re: Local address faked by remote user"
• Maybe reply: Danny Yee: "Re: Local address faked by remote user"
• Maybe reply: Rod Dorman: "Re: Local address faked by remote user"
• Maybe reply: Danny Yee: "Re: Local address faked by remote user"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]