Prev: Question re: postscreen and -o options
Next: smtpd_helo_required compliance with the RFC
From: Christoph Anton Mitterer on 24 Dec 2009 07:38
Hi Noel!

Quoting Noel Jones <njones(a)megan.vbhcs.org>:
>> Of course I understand that mail does not guarantee sender authenticity
>> but this is still a security problem, isn't it?
>> I mean it's easily possible to reject reject_non_fqdn_sender and I think
>> even envelope sender addresses that match any of the canonical
>> domains,.. but this doesn't help with the headers.
>> Is there an easy way for this problem? Or do I misunderstand something.
> To insure that local users aren't confused by a HEADER that looks as
> if it came from the local domain, I use
> remote_header_rewrite_domain = domain.invalid
Thanks, I've already knew that but forgot to mention the following:

In principle I'd like to have append_dot_domain = no, because I don't
like that LOCAL user's mail to root(a)host are simply sent to
root(a)host.domain .
However when I set this remote email to user(a)host is not written to
user(a)host.domain.invalid.

Is there some way to get both?

Thanks,
Chris.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From: Christoph Anton Mitterer on 24 Dec 2009 10:19
Quoting Noel Jones <njones(a)megan.vbhcs.org>:
> To insure that local users aren't confused by a HEADER that looks as
> if it came from the local domain, I use
> remote_header_rewrite_domain = domain.invalid
Ah and by the way: This does not help if the remote user specifies a
fully qualified address (e.g. root(a)host.domain),...

Perhaps one can only "solve" this via content inspection.


Cheers,
Chris

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

First  |  Prev  | 
Pages: 1 2
Prev: Question re: postscreen and -o options
Next: smtpd_helo_required compliance with the RFC