Public bug reported:

The postfix config file has a 'mydestination' parameter.  These are the
domains for which your mailserver will deliver mail locally.

It also has a 'relay_domains' parameter.  These are the domains for which
your mailserver will accept mail for delivery from remote untrusted
hosts.  As a matter of course, your 'mydestination' should be included
here since you want to be able to receive mail for yourself as a
precondition for delivering it.

To this end, very sanely, the default setting is:

relay_domains = $mydestination


Unfortunately, there is another configuration parameter 
'parent_domain_matches_subdomains'.  This parameter is very evil.  It lists the 
names of *other* configuration parameters for which 'domain.com' should be 
interpreted as '*.domain.com'.

It includes 'relay_domains' in its default list.

So for example:

mydestination = domain.com

then, by default, relay_domains will also equal domain.com.

*but* relay_domains is _interpreted_ as being *.domain.com.

This means that if someone attempts to send mail to [EMAIL PROTECTED]
existent-sub.domain.com your server will

(1) accept it
(2) attempt to relay it, but notice the subdomain doesn't exist
(3) generate backscatter

The default setup for the mailserver should clearly be that it refuses
to accept mail not destined for it from untrusted hosts.

The fix for this is to add 'parent_domain_matches_subdomains =' (i.e. set
it to empty).

Even the postfix documentation says this feature will be disabled soon:

      This is planned backwards compatibility: eventually,
      all Postfix features are expected to require explicit
      ".domain.tld" style patterns when you really want to
      match subdomains.

 --
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

Cheers

** Affects: postfix (Ubuntu)
     Importance: Undecided
         Status: New

-- 
default postfix config creates backscatter
https://bugs.launchpad.net/bugs/242383
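
Added example (not part of the original bug report and not Postfix code): a shell check for the default described in the report. It reads the "name = value" lines printed by `postconf parent_domain_matches_subdomains relay_domains mydestination` and lists the relay_domains entries that would also match their subdomains. The function names and sample config are constructed for illustration, and the fallbacks for unset parameters follow the report's description of the defaults.

```sh
#!/bin/sh
# Added example. Feed it the "name = value" lines printed by:
#   postconf parent_domain_matches_subdomains relay_domains mydestination

# Print the value of parameter $1 found in config text $2; status 1 if absent.
pf_value() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == p) { val = v; found = 1 } }
        END { if (found) print val; exit !found }'
}

# Read config text on stdin; print each bare domain in relay_domains that is
# also matched as a parent of its subdomains. No output means not exposed.
relay_subdomain_exposure() {
    cfg=$(cat)
    # Assumption taken from the report: an unset parameter falls back to a
    # default list that contains relay_domains.
    pdms=$(pf_value parent_domain_matches_subdomains "$cfg") || pdms=relay_domains
    case " $(printf '%s' "$pdms" | tr ',' ' ') " in
        *" relay_domains "*) ;;
        *) return 0 ;;
    esac
    # Assumption from the report: relay_domains defaults to $mydestination.
    relay=$(pf_value relay_domains "$cfg") || relay='$mydestination'
    mydest=$(pf_value mydestination "$cfg") || mydest=
    for item in $(printf '%s' "$relay" | tr ',' ' '); do
        if [ "$item" = '$mydestination' ]; then
            item=$(printf '%s' "$mydest" | tr ',' ' ')
        fi
        for d in $item; do
            case "$d" in
                .*|*:*|/*|*\$*) ;;   # explicit pattern, table, file, macro
                *) printf '%s\n' "$d" ;;
            esac
        done
    done
}

# Constructed sample: the report's example, then the report's fix.
sample='relay_domains = $mydestination
mydestination = domain.com'
printf '%s\n' "$sample" | relay_subdomain_exposure    # lists domain.com
printf 'parent_domain_matches_subdomains =\n%s\n' "$sample" | relay_subdomain_exposure
```

Any domain the check prints is one for which mail to an arbitrary subdomain would be accepted and later bounced; an empty result after applying the fix confirms the setting took effect.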