Hi Wietse,
I definitely agree there are LOTS more important things in the world to be
worried about when connecting a system to an untrusted network, I was just
curious how much people doing this in the real world were worried about the
information leakage that sits somewhere between "inherent to using the protocol
in the real world; get over it" and "I've taken extraordinary measures to limit
all information leaks that are not absolutely necessary, even if it makes my
job a lot harder". 🙂
Thanks for your feedback (and everything else you do for this project),
Scott
________________________________
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> on
behalf of Wietse Venema <wie...@porcupine.org>
Sent: December 12, 2020 7:32 PM
To: Postfix users <postfix-users@postfix.org>
Subject: Re: Security threat posed by names and IPs in SMTP headers
It is really simple. If you allow information to go out, then you
will leak information. Postfix assumes that you're willing to send
and receive email, and that means you will have to accept some
leakage that is inherent with SMTP, TLS, TCP, DNS, UDP, and related
protocols. The options for message-shaping and traffic-shaping are
fairly limited.
But wait, there is more. Unless all those protocol implementations
are perfect, there may be exposures that in the worst case provide
remote access to a root shell on the server, as happened recently
in OpenSMTPD. A good mail server architecture can function as a
fire retardant and limit the impact of mistakes.
Personally I am less concerned about the inherent leaks.
Wietse
