[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: while on the topic of SMTP AUTH policy

To: Mariano Absatz <zmailer@lists.com.ar>
Subject: Re: while on the topic of SMTP AUTH policy
From: Matti Aarnio <mea@nic.funet.fi>
Date: Fri, 9 Jul 2004 12:23:57 +0300
Cc: ZMailer Mailing List <zmailer@nic.funet.fi>
In-Reply-To: <40BE1990.12937.47BDE2F7@localhost>; from zmailer@lists.com.ar on Wed, Jun 02, 2004 at 06:16:48PM -0300
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
References: <40BE1990.12937.47BDE2F7@localhost>
Sender: zmailer-owner@nic.funet.fi

Returning on this topic..

On Wed, Jun 02, 2004 at 06:16:48PM -0300, Mariano Absatz wrote:
> while on the topic of SMTP AUTH policy...
> 
> I've configured a server only for authenticated mail relaying with
> SMTP AUTH.
> 
> That is, the server's only job is accepting local users mail (after 
> authentication) and relaying it outside... even if it's for our own
> local domain, it will go via MX (to our MX server) relayed from this
> server.
> 
> The problem I have is that, when a user is authenticated, he is able to 
> use whatever mail from domain he wants... even if it doesn't exist in 
> DNS...
> 
> How can I prevent this? That is, how can I force dns verification even 
> for authenticated connections?

The reason for this is that deep in the  policytest.c  code you can
find following:

static int pt_mailfrom(state, str, len)
     struct policystate *state;
     const char *str;
     const int len;
{
 ..  (variable declarations/inits, and SPF tests omitted for brevity) ..

    if (state->always_reject)
	return -1;
    if (state->always_freeze)
	return 1;
    if (state->full_trust || state->authuser)
	return 0;

That is, when user has authenticated, system is hardwired to trust him
always.

Reading that function, I do think that   state->authuser  test for
acceptance could be moved onwards ...  right before WHOSON stuff ?

The related question of "can we have policy verification of sender's
MAIL FROM address vs. his authentication" -- we could have a hook to
handle the thing.  Indeed I have thought about adding enbedded perl
into smtpserver so that people can hook up their own policy codes
(or parts of policy codes) as they want.

With recipient acceptance I am a lot less sure of what would be
usefull approach.  Right now there is early 'user is authenticated,
accept anything' approach in  pt_rcptto()  function.
Adding even a 'do verify at least domain DNS data existence' is..
perhaps doable, but is it worth it ?

> Relevant settings of smtpserver.conf are:
> 
> PARAM  smtp-auth
> PARAM  AUTH-LOGIN-also-without-TLS
> PARAM  MSA-mode
> PARAM rcvd-auth-user
> 
> SMTPOPTIONS is '-sve -s sloppy -l ${LOGDIR}/smtpserver'
> (bloody Outlook Express 'MAIL FROM: <').

Actually 'S' flag in the tail-end of the smtpserver.conf  file
"HELO patterns" should do that slightly sloppy behaviour.
The fully sloppy one is where no HELO is required, and several
other such stupid things..

> smtp-policy.mx and smtp-policy.relay are empty.
> 
> I'm using the standard smtp-policy.src (zmailer 2.99.56 from CVS 2004-03-
> 12, that is, _before_ latest policy management changes).
> 
> TIA
> --
> Mariano Absatz
> El Baby
-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

References:
- while on the topic of SMTP AUTH policy
  - From: "Mariano Absatz" <zmailer@lists.com.ar>

Prev by Date: Re: SPF - silly bug
Next by Date: recent version
Prev by thread: while on the topic of SMTP AUTH policy
Next by thread: smtp-policy.src question
Index(es):
- Date
- Thread