LukeSmithxyz/emailwiz

You can still spoof the local email domain through subdomains

william-stacken opened this issue · 0 comments

See #237 for context. Someone was able to bypass the fix by sending "from" the mail subdomain. Seems like any valid subdomain is affected by this.

I solved it by adding the line `echo "/^(.*)@(.*)\.$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" >> /etc/postfix/login_maps.pcre` below the previous line. This works for me since I don't have more than one level of subdomains, but there may be a better, more general-purpose solution.

How to reproduce:

```
openssl s_client -starttls smtp -connect mail.example.com:587 <<EOF
helo example.com
mail from:<admin@mail.example.com>
rcpt to:<user@example.com>
Data
From: <admin@mail.example.com>
To: <user@example.com>
Subject: Yo

This is a mail
.
quit
EOF
```
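
Added example, not part of the original issue or the emailwiz code: a Python stand-in for the pcre lookup that lists which sender addresses have no owner in `login_maps.pcre` before and after the subdomain rule. The base-domain rule, the function names and the sample addresses are assumptions, and `re.escape` is used in place of the `sed` call so that every dot in the domain is escaped.

```python
import re

def build_map(domain, subdomains=True):
    """Return pcre-table text mapping sender addresses to a login name."""
    d = re.escape(domain)  # escapes every dot, not only the first one
    lines = [f"/^(.*)@{d}$/ ${{1}}"]  # assumed pre-existing base-domain rule
    if subdomains:
        lines.append(f"/^(.*)@(.*)\\.{d}$/ ${{1}}")  # rule proposed in the issue
    return "\n".join(lines) + "\n"

def parse_map(text):
    """Parse '/pattern/ replacement' lines; anything else is skipped."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.+)/\s+(\S+)\s*$", line)
        if m:
            # Matching is case-insensitive here, as it is by default in pcre tables.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def owner(rules, address):
    """First matching rule wins; None means the address has no listed owner."""
    for pattern, replacement in rules:
        m = pattern.search(address)
        if m:
            # Expand ${n} / $n with the captured group from the address.
            return re.sub(r"\$\{?(\d)\}?",
                          lambda g: m.group(int(g.group(1))), replacement)
    return None

def unowned(map_text, senders):
    """Sender addresses that no rule in the map assigns to a login."""
    rules = parse_map(map_text)
    return [s for s in senders if owner(rules, s) is None]

# Constructed sample senders (example.org is an unrelated outside domain).
SENDERS = ["admin@example.com", "admin@mail.example.com",
           "admin@a.b.example.com", "admin@example.org"]

if __name__ == "__main__":
    for label, sub in (("base rule only", False), ("with subdomain rule", True)):
        print(label, "->", unowned(build_map("example.com", sub), SENDERS))
```

On a live server, `postmap -q admin@mail.example.com pcre:/etc/postfix/login_maps.pcre` performs the same lookup against the real table.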