
Mailing List Archive: DBMail: users
buggy postfix sql recipients query against dbmail_aliases
 



aleksander at krediidiinfo

Mar 11, 2009, 4:15 AM



Hi, I have the following standard settings for postfix doing the RCPT
TO: check via sql against the dbmail_aliases table.

sql-recipients.cf:

user = xxx
password = xxx
hosts = 127.0.0.1
dbname = xxx
table = dbmail_aliases
select_field = alias
where_field = alias


Here's a working and buggy example:

# netcat localhost 25
220 mail.krediidiinfo.ee ESMTP Postfix
HELO mail.krediidiinfo.ee
250 mail.krediidiinfo.ee
MAIL FROM:<test[at]example.com>
250 Ok
RCPT TO:<nosuchuser[at]krediidiinfo.ee>
550 <nosuchuser[at]krediidiinfo.ee>: Recipient address rejected: User
unknown in local recipient table
RCPT TO:<nosuchuser[at]nosuchdomain.krediidiinfo.ee>
250 Ok
QUIT
221 Bye

The second response to RCPT TO: should have been a 550 too, not 250. The
dbmail_aliases table contains only proper "user[at]domain" entries, no
wildcard stuff like simply a "@domain" or similar.

So there's a problem when a subhost is specified in the address.
Another issue is when no user is specified. Here's an example:

# netcat localhost 25
220 mail.krediidiinfo.ee ESMTP Postfix
HELO mail.krediidiinfo.ee
250 mail.krediidiinfo.ee
MAIL FROM:<test[at]example.com>
250 Ok
RCPT TO:<@krediidiinfo.ee>
250 Ok
QUIT
221 Bye

These wrong addresses are often expanded from user typos like
"@user[at]domain" for example or whatever combination. Spamming postfix
with these invalid addresses would result in a DOS.

This is postfix 2.2.9 and dbmail 2.2.11 on SLES10SP2.


Could a postfix/sql knowledgeable person please refine the
sql-recipients file, so invalid addresses would be denied immediately? I
have no idea how to do this.

Regards,

PS: The dbmail news page does not have an announcement for dbmail-2.2.11
final release.


--

Aleksander Kamenik
System Administrator
Krediidiinfo AS
an Experian Company
Phone: +372 665 9649
Email: aleksander[at]krediidiinfo.ee

http://www.krediidiinfo.ee/
http://www.experiangroup.com/
_______________________________________________
DBmail mailing list
DBmail[at]dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
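
A way to turn the two sessions above into a repeatable check, added here as an example and not part of the original post: it pairs each RCPT TO with its reply code and reports recipients that were accepted with a 2xx although they are absent from the alias list. `KNOWN_ALIASES` is a constructed stand-in for the `alias` column of dbmail_aliases, and the transcript merges the post's two sessions.

```python
import re

# Constructed sample: the post's two sessions merged into one, with the
# archive's "[at]" obfuscation and the wrapped 550 line kept as they appear.
TRANSCRIPT = """\
220 mail.krediidiinfo.ee ESMTP Postfix
MAIL FROM:<test[at]example.com>
250 Ok
RCPT TO:<nosuchuser[at]krediidiinfo.ee>
550 <nosuchuser[at]krediidiinfo.ee>: Recipient address rejected: User
unknown in local recipient table
RCPT TO:<nosuchuser[at]nosuchdomain.krediidiinfo.ee>
250 Ok
RCPT TO:<@krediidiinfo.ee>
250 Ok
QUIT
221 Bye
"""

# Assumption: stand-in for the alias column of dbmail_aliases.
KNOWN_ALIASES = {"aleksander@krediidiinfo.ee"}

RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.IGNORECASE)
REPLY_RE = re.compile(r"^(\d{3})[ -]")

def rcpt_results(transcript):
    """Pair each RCPT TO command with the status code of the reply after it."""
    results, pending = [], None
    for line in transcript.splitlines():
        m = RCPT_RE.match(line)
        if m:
            pending = m.group(1).replace("[at]", "@").strip().lower()
            continue
        r = REPLY_RE.match(line)
        if r and pending is not None:  # wrapped reply text is skipped
            results.append((pending, int(r.group(1))))
            pending = None
    return results

def wrongly_accepted(transcript, known):
    """Recipients answered with 2xx that are not in the known alias set."""
    findings = []
    for addr, code in rcpt_results(transcript):
        if 200 <= code < 300 and addr not in known:
            reason = "empty local part" if addr.startswith("@") else "not in alias table"
            findings.append((addr, code, reason))
    return findings
```

Running `wrongly_accepted` over a transcript captured after a configuration change shows whether the two addresses from the post are still being accepted.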
