From 11f6fa6e1c39dcc27fb7da0d77ac11589ddf9139 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sun, 31 May 2015 16:48:45 +0100 Subject: [PATCH] Give up on checking claimed sender addresses. I'm told that it's more hassle than its worth. I can track down forgeries sufficiently well by staring at Received headers and staring at logs. --- base.m4 | 28 ---------------------------- config.m4 | 1 - lists.m4 | 8 -------- local.m4 | 21 --------------------- 4 files changed, 58 deletions(-) diff --git a/base.m4 b/base.m4 index d43a6f0..22f6852 100644 --- a/base.m4 +++ b/base.m4 @@ -301,34 +301,6 @@ mail_check_auth: deny message = Sender not authenticated condition = ${if !def:acl_c_user} - ## Make sure that the local part is one that the authenticated sender - ## is allowed to claim. - deny message = Sender address forbidden to calling user - !condition = \ - ${if exists {CONF_sysconf_dir/auth-sender.conf} \ - {${lookup {$acl_c_user} \ - lsearch \ - {CONF_sysconf_dir/auth-sender.conf} \ - {${if match_address \ - {$sender_address} \ - {+value}}} \ - {false}}}} - !condition = ${LOOKUP_DOMAIN($sender_address_domain, - {${if and {{match_local_part \ - {$acl_c_user} \ - {+dom_users}} \ - {match_local_part \ - {$sender_address_local_part} \ - {+dom_locals}}}}}, - {${if and {{match_local_part \ - {$sender_address_local_part} \ - {+user_extaddr}} \ - {or {{eq {$sender_address_domain} \ - {}} \ - {match_domain \ - {$sender_address_domain} \ - {+public}}}}}}})} - ## All done. accept diff --git a/config.m4 b/config.m4 index ee20d3a..e440d28 100644 --- a/config.m4 +++ b/config.m4 @@ -67,7 +67,6 @@ DEFCONF(ca_dir, /etc/ca) ## User address suffix handling. DEFCONF(user_suffix_list, +* : -*) -DEFCONF(user_extaddr_regexp, $acl_c_user([-+@]|\$)) DEFCONF(user_extaddr_fixup, ${sg {$local_part_suffix}{^[-+]}{}}) ## Other hosts allowed to relay mail through us. diff --git a/lists.m4 b/lists.m4 index 93f3b2a..11e1baa 100644 --- a/lists.m4 +++ b/lists.m4 @@ -49,14 +49,6 @@ domainlist thishost = @ : @[] : \ {$item.$qualify_domain}} domainlist public = +thishost : CONF_sysdomains -## Some magic lists used because `match_local_parts' and friends don't expand -## their right-hand sides. -localpartlist dom_users = ${expand:KV(users, {$value}{*})} -localpartlist dom_locals = ${expand:KV(locals, {$value}{+user_extaddr})} -localpartlist user_extaddr = ^CONF_user_extaddr_regexp -addresslist user_extaddr = ^CONF_user_extaddr_regexp -addresslist value = $value - ## All of the `standard' local parts which ought to be provided by a domain. localpartlist required = postmaster : abuse diff --git a/local.m4 b/local.m4 index c403876..65939a2 100644 --- a/local.m4 +++ b/local.m4 @@ -37,27 +37,6 @@ m4_define(<:FILTER_LOCALUSER:>, SECTION(global, priv)m4_dnl local_from_suffix = CONF_user_suffix_list -SECTION(global, process)m4_dnl -## Restrict users to plausible envelope sender addresses. This is -## surprisingly fiddly. What I actually want to say is that the local part -## must match ^$sender_ident(\$|-) and the domain part must match an -## appropriate domain; but writing a conjunction is rather tricky. And so we -## must burn some addresslist variables. -addresslist wrong_local = ! +user_extaddr -addresslist wrong_domain = ! *@+public -addresslist wrong_address = +wrong_local : +wrong_domain -untrusted_set_sender = : \ - ${if exists {CONF_sysconf_dir/auth-sender.conf} \ - {${lookup {$sender_ident} \ - lsearch {CONF_sysconf_dir/auth-sender.conf} \ - {$value}}}} : \ - ${LOOKUP_DOMAIN($sender_address_domain, - {${if and {{match_local_part {$sender_ident} {+dom_users}} \ - {match_local_part {$sender_address_local_part} \ - {+dom_locals}}} \ - {*}}})} : \ - ! +wrong_address - ###-------------------------------------------------------------------------- ### Forwarding and redirection for incoming mail. -- 2.11.0