[SOLVED] postfix allows mail relaying for any random subdomains
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
postfix allows mail relaying for any random subdomains
I'm running a postfix send-only mail relay (postfix-3.4.5) with restrictions per IPs (my networks, that is to say) and a restriction for domains that can be used to send e-mails for.
The latter is being enforced using the following directive:
/etc/postfix/allowed_senders (already mapped to db)
Code:
domain.eu OK
domain.com OK
example.de OK
The problem is that postfix also accepts the relay of e-mails for any random subdomains of these main domains and I haven't yet found a solution for rejecting this.
This works when I enforce login maps, for instance, so that certain users can send e-mails using only certain e-mail addresses, but this mail relay is configured differently and I would have expected being able to allow only the domains I'm specifying, and not any other subdomains.
I'm running a postfix send-only mail relay (postfix-3.4.5) with restrictions per IPs (my networks, that is to say) and a restriction for domains that can be used to send e-mails for.
The latter is being enforced using the following directive:
/etc/postfix/allowed_senders (already mapped to db)
Code:
domain.eu OK
domain.com OK
example.de OK
The problem is that postfix also accepts the relay of e-mails for any random subdomains of these main domains and I haven't yet found a solution for rejecting this.
This works when I enforce login maps, for instance, so that certain users can send e-mails using only certain e-mail addresses, but this mail relay is configured differently and I would have expected being able to allow only the domains I'm specifying, and not any other subdomains.
Seen this once before, but it's been a while. Run
Code:
postconf -n
...and see if the smtpd_access_maps directive is enabled. If so, remove it from your config and bounce postfix. Found in the postfix manual. http://www.postfix.org/access.5.html
From that page:
Code:
domain.tld
Matches domain.tld as the domain part of an email address.
The pattern domain.tld also matches subdomains, but only when
the string smtpd_access_maps is listed in the Postfix par-
ent_domain_matches_subdomains configuration setting.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.