Am 14.02.2013 16:36, schrieb James Day: > . >>> Is there a sensible way to configure postfix to allow these messages >>> with null sender addresses to be relayed without opening the smart >>> host up to exploitation? >> >> Sending bounces is not "exploitation", but the "smart host" (really >> submission service) policy is up to the ISP. Ask them. > > I wasn't trying to suggest that sending bounces would be exploitation, rather > that allowing *all* messages with a NULL sender to relayed through could > potentially be exploited to send spam as <> > > >> NO. Bounces MUST be sent with a null sender address. Otherwise, bounces >> would elicit bounces in return creating mail loops, sometimes exponentially >> growing, if a message elicits multiple non-delivery reports. > > Yes I know that and have referred to that point below. > >> The solution is to use a relay that permits bounces. Either the ISP relaxes >> their policies, or a different relay must be found. > > As I feared, thank you for confirming. > >>> And before anyone comments, yes I know this isn't best practice as >>> NDR's should have null sender addresses to stop loops (bouncing >>> bounce-backs!). >> >> Not "should", MUST. Not "isn't best practice", rather prohibited. >> >> -- >> Viktor. > > I understand and agree however in my experience you sometimes have to fudge > things so they operate with incorrectly configured systems (against my own > wishes!) > > James >
looking in my relayhosts for exchange, i see <> is accepted via submission tls if sasl auth is done before from exchange with reject_sender_login_mismatch , smtpd_sender_login_maps exists, this should be enough for the smarthost isp , i only know the problem apearing with i.e static restrict tables solution Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
