Ignore:
Timestamp:
Feb 21, 2013, 11:59:19 PM (10 years ago)
Author:
andersk
Message:
Tighten scripts vhost mail security

Broken MTAs such as MIT’s will rewrite anyone@awesome-cname.mit.edu to
anyone@scripts-vhosts.mit.edu, in violation of RFC 2821.  (This can be
fixed with the Sendmail nocanonify feature or DontExpandCnames option,
which, bewilderingly, are still not the default.)  To prevent such
mail from being misdirected, remove scripts-vhosts from $mydestination
and let it bounce.

Correct r1452 to match literal periods in scripts.mit.edu.

Reserve the well-known (RFC 2142) email addresses
{abuse,hostmaster,noc,postmaster,security}@every-domain for our own
purposes; /etc/aliases maps these to root.

Tested on scripts-f17-dev.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/config/etc/postfix/virtual_re

    r1452 r2375  
    1 /^(.*)@scripts.mit.edu$/ $1@scripts.mit.edu
     1/^(.*)@scripts\.mit\.edu$/ $1@scripts.mit.edu
     2/^(abuse|hostmaster|noc|postmaster|security)@/ $1@scripts.mit.edu
    23/^(.*)@([^@]*)\.scripts\.mit\.edu$/ $2+$1
    34/^([^@]*)\.scripts\.mit\.edu$/ true
Note: See TracChangeset for help on using the changeset viewer.