Hi Wietse, I definitely agree there are LOTS more important things in the world to be worried about when connecting a system to an untrusted network, I was just curious how much people doing this in the real world were worried about the information leakage that sits somewhere between "inherent to using the protocol in the real world; get over it" and "I've taken extraordinary measures to limit all information leaks that are not absolutely necessary, even if it makes my job a lot harder". 🙂
Thanks for your feedback (and everything else you do for this project), Scott ________________________________ From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> on behalf of Wietse Venema <wie...@porcupine.org> Sent: December 12, 2020 7:32 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: Security threat posed by names and IPs in SMTP headers It is really simple. If you allow information to go out, then you will leak information. Postfix assumes that you're willing to send and receive email, and that means you will have to accept some leakage that is inherent with SMTP, TLS, TCP, DNS, UDP, and related protocols. The options for message-shaping and traffic-shaping are fairly limited. But wait, there is more. Unless all those protocol implementations are perfect, there may be exposures that in the worst case provide remote access to a root shell on the server, as happened recently in OpenSMTPD. A good mail server architecture can function as a fire retardant and limit the impact of mistakes. Personally I am less concerned about the inherent leaks. Wietse