Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- I'm trying to stop people from changing the From address to an e-mail they don't own or have an alias for. I think I have the right mysql query, yet postfix is still allowing me to send e-mail from fraud@gtaxl.net a fake email.
- --- main.cf ---
- #Virtual domains, users, and aliases
- virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
- virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
- virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
- mysql:/etc/postfix/mysql-virtual-email2email.cf
- smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual-sender-login-maps.cf
- --- mysql-virtual-sender-login-maps.cf ---
- user = [redacted]
- password = [redacted]
- hosts = 127.0.0.1
- dbname = gtaxlnetmail
- query = SELECT * FROM (SELECT email FROM `virtual_users` WHERE email = '%s' UNION SELECT destination FROM `virtual_aliases` WHERE source = '%s' ) a LIMIT 1
- --- Testing the queries with auth email, alias, fake/spoofed email ---
- MariaDB [gtaxlnetmail]> SELECT * FROM (SELECT email FROM `virtual_users` WHERE email = 'gtaxl@gtaxl.net' UNION SELECT destination FROM `virtual_aliases` WHERE source = 'gtaxl@gtaxl.net' ) a LIMIT 1;
- +-----------------+
- | email |
- +-----------------+
- | gtaxl@gtaxl.net |
- +-----------------+
- 1 row in set (0.00 sec)
- MariaDB [gtaxlnetmail]> SELECT * FROM (SELECT email FROM `virtual_users` WHERE email = 'dmarc@gtaxl.net' UNION SELECT destination FROM `virtual_aliases` WHERE source = 'dmarc@gtaxl.net' ) a LIMIT 1;
- +-----------------+
- | email |
- +-----------------+
- | gtaxl@gtaxl.net |
- +-----------------+
- 1 row in set (0.00 sec)
- MariaDB [gtaxlnetmail]> SELECT * FROM (SELECT email FROM `virtual_users` WHERE email = 'fraud@gtaxl.net' UNION SELECT destination FROM `virtual_aliases` WHERE source = 'fraud@gtaxl' ) a LIMIT 1;
- Empty set (0.00 sec)
- MariaDB [gtaxlnetmail]>
- --- master.cf ---
- submission inet n - y - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_wrappermode=yes
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o smtpd_sender_restrictions=permit_mynetworks,reject_sender_login_mismatch,permit_sasl_authenticated
- -o milter_macro_daemon_name=ORIGINATING
- -o cleanup_service_name=subcleanup
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement