1. Store
  2. Apps
  3. Hardware
  4. Support
  5. Solutions

ClearFoundation

Forums
Welcome, Guest
Postfix Address masquerade
(1 viewing) 1 Guest
Go to bottomPage: 1
TOPIC: Postfix Address masquerade
#24880
Postfix Address masquerade 3 Years, 5 Months ago  
hi,
i freshly configured mail server and for now it's working smoothly. currently my domain is mydomain.com and i have different users.
i have smtp authentication set to on. and users can send mails as well. user can send mail with any from address
i.e user can send mail from abc@gmail.com,pop@yahoo.com.....they can send mail with any email address to anyone. but i am more concerned with the security and think if any one abuses this it would be a great problem.
so i googled and found Address masquerade in postfx. so i tried
adding
Code:


masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
masquerade_domains = !mydomain.com mydomain.com



i tried it but its not working to convert the domain name of the sender to mydomain.com
it's not working and i can't even force user to use their own email address.
any user permitted to use the mail can login with their credentials and are capable of sending mail with any email address despite of their own email address and are able to create fake mail.
could any one please help me with this
it would be fun to solve this issue

~prahmod
Pramod Giri
Senior Boarder
Posts: 58
graphgraph
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#24913
Re:Postfix Address masquerade 3 Years, 5 Months ago  
I don't think you can use Postfix or any other SMTP server to rewrite arbitrary forged sender email adresses to the authorized ones. First of all, how would Postfix know which address fakeaddress@fakedomaine should be rewritten to: I@yourdomaine or you@yourdomaine? IP addresses are not usefull since workstations in effect can connect from any IP address on the internet (think laptops and smart phones) and MAC addresses are easily faked.

It is, however, quite possible to block sending emails not originating from your private IP segment. That is COS standard behaviour to avoid acting as an open relay. It should also be easy to block sending emails that do not use your domaine, therby limiting the scope for deception to I@yourdomaine being sent as you@yourdomaine. Should that ever happen, my advise would be that the best error correction procedure available, is you slugging I.

The above illustrative example is in no way meant to be taken as an invitation.

Peter
Peter Broch
Platinum Boarder
Posts: 448
graphgraph
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#24916
Re:Postfix Address masquerade 3 Years, 5 Months ago  
There's fairly easy way to reject unauthorized sender domains on Postix, if the server is used for your organization OUTGOING mail ONLY. You can whitelist authorized sender domains, and Postfix will reject all email coming from unauthorized sender domains:

sender verification

However, this is NOT viable solution for mailservers that are used for both INCOMING and OUTGOING mail, as you'll break receiving of all external (internet) INCOMING mail.
Dusan
Junior Boarder
Posts: 21
graphgraph
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
Go to topPage: 1
  get the latest posts directly to your desktop