GTAXL

Untitled

Dec 12th, 2017
I'm trying to stop people from changing the From address to an e-mail they don't own or have an alias for. I think I have the right MySQL query, yet Postfix is still allowing me to send e-mail from fraud@gtaxl.net, a fake email.

--- main.cf ---
#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
    mysql:/etc/postfix/mysql-virtual-email2email.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual-sender-login-maps.cf

--- mysql-virtual-sender-login-maps.cf ---
user = [redacted]
password = [redacted]
hosts = 127.0.0.1
dbname = gtaxlnetmail
query = SELECT * FROM (SELECT email FROM `virtual_users` WHERE email = '%s' UNION SELECT destination FROM `virtual_aliases` WHERE source = '%s' ) a LIMIT 1

--- Testing the queries with auth email, alias, fake/spoofed email ---
MariaDB [gtaxlnetmail]> SELECT * FROM (SELECT email FROM `virtual_users` WHERE email = 'gtaxl@gtaxl.net' UNION SELECT destination FROM `virtual_aliases` WHERE source = 'gtaxl@gtaxl.net' ) a LIMIT 1;
+-----------------+
| email           |
+-----------------+
| gtaxl@gtaxl.net |
+-----------------+
1 row in set (0.00 sec)

MariaDB [gtaxlnetmail]> SELECT * FROM (SELECT email FROM `virtual_users` WHERE email = 'dmarc@gtaxl.net' UNION SELECT destination FROM `virtual_aliases` WHERE source = 'dmarc@gtaxl.net' ) a LIMIT 1;
+-----------------+
| email           |
+-----------------+
| gtaxl@gtaxl.net |
+-----------------+
1 row in set (0.00 sec)

MariaDB [gtaxlnetmail]> SELECT * FROM (SELECT email FROM `virtual_users` WHERE email = 'fraud@gtaxl.net' UNION SELECT destination FROM `virtual_aliases` WHERE source = 'fraud@gtaxl' ) a LIMIT 1;
Empty set (0.00 sec)

MariaDB [gtaxlnetmail]>


--- master.cf ---
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=permit_mynetworks,reject_sender_login_mismatch,permit_sasl_authenticated
  -o milter_macro_daemon_name=ORIGINATING
  -o cleanup_service_name=subcleanup
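
An added example, not part of the original paste: a simplified Python model of how Postfix walks the submission service's smtpd_sender_restrictions list in order, using the lookup results from the three test queries above. It assumes the SASL login name is the mailbox address; the function names, the session dictionary, and the header_from field are hypothetical, and the checks act on the envelope sender (MAIL FROM) only.

```python
# Simplified model (added example) of in-order evaluation of the paste's list:
#   permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
# Constructed table mirroring the three test queries: address -> owning logins.
# Assumption: the SASL login name equals the mailbox address.
SENDER_LOGIN_MAP = {
    "gtaxl@gtaxl.net": {"gtaxl@gtaxl.net"},  # mailbox owns itself
    "dmarc@gtaxl.net": {"gtaxl@gtaxl.net"},  # alias, owned by its destination
}  # fraud@gtaxl.net has no row, so its lookup returns nothing

def permit_mynetworks(s):
    return "PERMIT" if s["client_in_mynetworks"] else "DUNNO"

def reject_sender_login_mismatch(s):
    owners = SENDER_LOGIN_MAP.get(s["mail_from"], set())
    if s["sasl_login"] is None:
        # Not logged in: reject only when the address has a listed owner.
        return "REJECT" if owners else "DUNNO"
    # Logged in: the login must be a listed owner of the envelope sender.
    return "DUNNO" if s["sasl_login"] in owners else "REJECT"

def permit_sasl_authenticated(s):
    return "PERMIT" if s["sasl_login"] else "DUNNO"

RESTRICTIONS = [permit_mynetworks, reject_sender_login_mismatch,
                permit_sasl_authenticated]

def evaluate(s):
    """Return (verdict, deciding restriction); first non-DUNNO result wins."""
    for check in RESTRICTIONS:
        verdict = check(s)
        if verdict != "DUNNO":
            return verdict, check.__name__
    return "DUNNO", None  # no decision: later restriction lists still apply

def session(mail_from, login="gtaxl@gtaxl.net", in_mynetworks=False,
            header_from=None):
    # header_from is carried only to show that no check above reads it.
    return {"mail_from": mail_from, "sasl_login": login,
            "client_in_mynetworks": in_mynetworks,
            "header_from": header_from or mail_from}

if __name__ == "__main__":
    for label, s in [
        ("own mailbox", session("gtaxl@gtaxl.net")),
        ("alias", session("dmarc@gtaxl.net")),
        ("unlisted sender", session("fraud@gtaxl.net")),
        ("unlisted, client in mynetworks",
         session("fraud@gtaxl.net", in_mynetworks=True)),
        ("own envelope, other header From",
         session("gtaxl@gtaxl.net", header_from="fraud@gtaxl.net")),
    ]:
        print(f"{label}: {evaluate(s)}")
```

On the server itself, `postmap -q fraud@gtaxl.net mysql:/etc/postfix/mysql-virtual-sender-login-maps.cf` shows what Postfix actually receives from the map for a given sender address.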