address blacklist

Question

address blacklist

jongcs opened this issue 7 years ago · 4 comments

Should have a address blacklist to reserve some address like admin@ administrator@ hostmaster@ postmaster@ webmaster@. Attackers can use these address to verify the domain ownership and get SSL certificate for the domain.

Answer 1 · 2017-11-12T17:22:50.000Z

oh good point!

Answer 2 · 2018-01-13T15:05:38.000Z

@synox Which file needs to be updated to blacklist usernames? and will blacklisted username when opened shows that it is blacklisted?

Answer 3 · 2018-01-13T17:30:29.000Z

blacklisted usernames will be forwarded to a random address.

see https://github.com/synox/disposable-mailbox/blob/master/src/index.php#L167

Answer 4 · 2018-01-13T19:17:59.000Z

Update: I moved the list of blocked users to the config file.

https://github.com/synox/disposable-mailbox/blob/master/src/config.sample.php#L32