On 10/6/20 4:23 PM, Wietse Venema wrote:
Demi M. Obenour:On 10/6/20 12:46 PM, Wietse Venema wrote:For me, 'not found' also includes the case that the user is not found in the passwd file.By "allow 'not found' users", do you mean that such users will automatically be granted access, or that they will still be looked up (perhaps by numeric UID) in local_sender_login_maps?Postfix sendmail looks up the username only if no sender was specified with -f, and terminates if the username cannot be found. That behavior should not change by default.
That's fine.
If the feature is turned on then there should probably be a default action for users not listed in the table (deny or allow). Its not going to be pretty when only the numerical UID is avaialble (a 1:1 mapping username->sender would not make sense).
What about defaulting to allow if local_sender_login_maps has its default value, and deny otherwise? That keeps the current default behavior, while still allowing administrators to lock it down. In the unlikely event that the table lookup itself fails, I believe that postdrop should log an error and exit. That avoids accidental security holes due to temporary failures.
Wietse
Sincerely, Demi
OpenPGP_0xB288B55FFF9C22C1.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature