On 18.12.23 13:52, Kristoff via Postfix-users wrote:
Yes, I guess it are spam or phishing mails.
The trick with "smtpd_recipient_restrictions" looks interesting. Thanks!
As I understand it now, there are three steps in this:
1/ the spammer sends us an email with destination
"foreign-email-address-in-srs-for...@ourhobbyclubdomain.com"
As"outhobbyclubdomain.com" is mydestination, the email is accepted for
relay.
2/ then the SRS-formated email-address is converted into a normal
email-address
this is done by using recipient_canonical_maps on postfix which rewrites
header/envelope recipient.
3/ Then the message is forwarded towards that address.
(instead of postfix doing a lookup for the alias, seeing it does not
exist and refusing the message).
if you use recipient_canonical_maps, then the srs'ed adress is rewritten
into original(remote) address, which is why the mail is relayed even if
sender has no permission to relay
... I have just verified it works like this.
configured as documented on: https://github.com/roehling/postsrsd
note that postsrs keeps temporary address only working for certain amount
of time (21 days), so those addresses aren't valid permanently.
- you seem to be using postsrs as well.
If step 2 would be done first (or simply not done on destination
addresses), then this trick would be stopped.
I guess I am not the first person seeing this behaviour, I guess this
is not a bug (as it would have been fixed a earlier), so I guess there
must be a postfix configuration for this.
How do I influence this order, or stop step 2 being done on
destination addresses?
you can disable recipient_canonical_maps, but that will block all mail
to SRS'ed addresses, and anyone using address verification will block
receiving srs-forwarded addresses because your MTA will say they do not
exist.
Note that one of the point why SRS addresses exist is to validate the sender
and to be able to know what forwarded address fails.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
