Hi,

Not sure if this is a bug or not, but thought I'd mention it, as I
noticed it recently when investigating an intrusion attempt (it was an
attempt to exploit this vulnerability in spamassassin-milter:
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html)

I have root aliased to my own email address in /etc/aliases, but I
noticed if a message is sent with an invalid + extension, postfix
attempts to deliver the message locally to the root mailbox, ignoring
the alias (which fails, because postfix is set to deliver root mail as
'nobody').

For example, if /etc/aliases contains:

root: f...@example.com

then mails sent to 'root' and 'root+foo' get correctly forwarded to
f...@example.com.

However, if I send a mail to 'root+/' (which is invalid, because of the
slash), postfix gives a warning in its log, but then tries to deliver it to
the local root account:

Feb 14 17:58:52 mailserver postfix/local[2614]: warning: 91C211741F7:
address with illegal extension: root+/
Feb 14 17:58:52 mailserver deliver(nobody): mkdir(/root/Maildir/cur)
failed: Permission denied
Feb 14 17:58:52 mailserver deliver(nobody): mkdir(/root/Maildir/cur)
failed: Permission denied
Feb 14 17:58:52 mailserver deliver(nobody): msgid
<20110214173224.91C211741F7@mailserver>: Couldn't open mailbox INBOX:
Internal error occurred. Refer to server log for more information.
[2011-02-14 17:58:52]

(which fails due to permissions).

The upshot of this is that exploit attempts for the vulnerability linked
to above result in the message ending up stuck in the queue, and can never
be delivered (I guess they will eventually bounce).

I'm guessing the correct behaviour should either be to bounce the mail
or to forward it correctly to the alias address?

thanks,
Matt.
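
Added example, not part of the original message or of Postfix: a log check for the behaviour reported above. It finds "address with illegal extension" warnings whose base local part has an entry in the aliases file, meaning mail that went to local delivery instead of the alias. The function names, the '+' delimiter default, the sample alias target and every log line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the postfix/local warning quoted in the message above.
WARNING_RE = re.compile(
    r"postfix/local\[\d+\]: warning: (?P<qid>[0-9A-Za-z]+): "
    r"address with illegal extension: (?P<addr>\S+)"
)

def alias_names(aliases_text):
    """Return the left-hand names defined in aliases(5)-style text."""
    names = set()
    for line in aliases_text.splitlines():
        # Skip blank lines, comments and continuation lines (leading whitespace).
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        name, sep, _ = line.partition(":")
        if sep:
            names.add(name.strip().lower())
    return names

def alias_bypass_candidates(log_text, aliases_text, delimiter="+"):
    """Map aliased local part -> [(queue id, flagged address), ...]."""
    aliased = alias_names(aliases_text)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = WARNING_RE.search(line)
        if not m:
            continue
        local = m.group("addr").split("@", 1)[0]
        base = local.split(delimiter, 1)[0].lower()
        if base in aliased:  # an alias exists, yet Postfix flagged the address
            hits[base].append((m.group("qid"), m.group("addr")))
    return dict(hits)

# Constructed sample input. Only the first log line is taken from the message.
SAMPLE_ALIASES = "# constructed aliases file\nroot: admin@example.com\n"
SAMPLE_LOG = """\
Feb 14 17:58:52 mailserver postfix/local[2614]: warning: 91C211741F7: address with illegal extension: root+/
Feb 14 18:02:10 mailserver postfix/local[2620]: warning: A1B2C3D4E5F: address with illegal extension: root+/
Feb 14 18:05:33 mailserver postfix/local[2631]: warning: 0F1E2D3C4B5: address with illegal extension: webmaster+/
Feb 14 18:06:01 mailserver postfix/qmgr[1200]: 0F1E2D3C4B5: removed
"""

if __name__ == "__main__":
    for name, entries in alias_bypass_candidates(SAMPLE_LOG, SAMPLE_ALIASES).items():
        for qid, addr in entries:
            print(f"{qid}: {addr} flagged although alias '{name}' exists")
```

The queue IDs it reports can be looked up in the mail queue to find the messages that are stuck.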
