You can still spoof the local email domain through subdomains
william-stacken opened this issue · 0 comments
See #237 for context. Someone was able to bypass the fix by sending "from" the mail
subdomain. Seems like any valid subdomain is affected by this.
I solved it by adding the line

```sh
echo "/^(.*)@(.*)\.$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" >> /etc/postfix/login_maps.pcre
```

below the previous line. This works for me since I don't have more than one level of subdomains, but there may be a better, more general-purpose solution.
How to reproduce:
```sh
openssl s_client -starttls smtp -connect mail.example.com:587 <<EOF
helo example.com
mail from:<admin@mail.example.com>
rcpt to:<user@example.com>
Data
From: <admin@mail.example.com>
To: <user@example.com>
Subject: Yo
This is a mail
.
quit
EOF
```
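A way to check which sender addresses a login map like the one above names an owner for, as an added example that is not part of the original issue or the project's code. It models the table as first-match-wins, case-insensitive regex rules; the apex rule is an assumed form of the "previous line" from #237 (not shown on this page), and all addresses are constructed samples.

```python
import re

def escape_first_dot(domain):
    # Mirrors sed 's/\./\\\./' from the issue: no g flag, so only the
    # first dot in the domain is escaped.
    return domain.replace(".", r"\.", 1)

def apex_rule(domain, escape=re.escape):
    # Assumed form of the pre-existing line: local part at the bare domain.
    return (rf"^(.*)@{escape(domain)}$", r"\1")

def subdomain_rule(domain, escape=re.escape):
    # The line the issue appends: local part at any subdomain of `domain`.
    return (rf"^(.*)@(.*)\.{escape(domain)}$", r"\1")

def owner(rules, sender):
    # First matching rule wins; None means the table names no owner,
    # which is the gap the issue describes for subdomain senders.
    for pattern, template in rules:
        m = re.match(pattern, sender, re.IGNORECASE)
        if m:
            return m.expand(template)
    return None

# Constructed tables for the sample domain used in the issue.
APEX_ONLY = [apex_rule("example.com")]
PATCHED = [apex_rule("example.com"), subdomain_rule("example.com")]

# Constructed multi-label domain: first-dot-only escaping leaves the
# second dot as a regex wildcard, full escaping does not.
LOOSE = [subdomain_rule("example.co.uk", escape=escape_first_dot)]
STRICT = [subdomain_rule("example.co.uk")]

if __name__ == "__main__":
    for sender in ("admin@example.com", "admin@mail.example.com",
                   "admin@a.b.example.com", "admin@notexample.com"):
        print(f"{sender:28} apex-only={owner(APEX_ONLY, sender)!r:8} "
              f"patched={owner(PATCHED, sender)!r}")
    probe = "admin@mail.example.coXuk"
    print(probe, "loose:", owner(LOOSE, probe), "strict:", owner(STRICT, probe))
```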