Sender field mangled in milter


Sender field mangled in milter

Ryan Beethe
Hi,

I noticed that the address rewriting that postfix is doing seems to
be rewriting invalid mailboxes as valid ones.

I noticed this while writing an automated test around a milter I have
which does a few privacy-alias-friendly things, like allowing you to
send messages with a From field that matches an alias you own (but
preventing you from sending a From field that does not match any owned
aliases), or re-writing the envelope-from in the case that your MUA
didn't bother to match your envelope-from to your From field.

What I noticed is that this invalid mailbox:

    Sender: A <[hidden email]

Is being sent to my milter as:

    "A <1"@splintermail.com

The first form was invalid, but the second form is valid, which seems
like undesired behavior.  Even if you were going to guess at the correct
address from the first form, the second form is a pretty poor guess.

Is there a way to disable this rewriting, or to better detect invalid
addresses so as to not rewrite them as valid addresses?

Ryan

Re: Sender field mangled in milter

Wietse Venema
Ryan Beethe:

> Hi,
>
> I noticed that the address rewriting that postfix is doing seems to
> be rewriting invalid mailboxes as valid ones.
>
> I noticed this while writing an automated test around a milter I have
> which does a few privacy-alias-friendly things, like allowing you to
> send messages with a From field that matches an alias you own (but
> preventing you from sending a From field that does not match any owned
> aliases), or re-writing the envelope-from in the case that your MUA
> didn't bother to match your envelope-from to your From field.
>
> What I noticed is that this invalid mailbox:
>
>     Sender: A <[hidden email]
>
> Is being sent to my milter as:
>
>     "A <1"@splintermail.com
>
> The first form was invalid, but the second form is valid, which seems
> like undesired behavior.  Even if you were going to guess at the correct
> address from the first form, the second form is a pretty poor guess.
>
> Is there a way to disable this rewriting, or to better detect invalid
> addresses so as to not rewrite them as valid addresses?

No. Postfix delivers correctly formatted email correctly, implementing
specified behavior in RFC documents. The behavior with incorrect input
is undefined.

Postfix can block SOME malformed inputs with "strict_rfc821_envelopes=yes".
Example:

SMTP:

    220 wzv.porcupine.org ESMTP Postfix
    mail from:<A <[hidden email]>
    501 5.1.7 Bad sender address syntax

Logging:

    Oct 12 13:01:49 wzv postfix/smtpd[551830]: warning: Illegal
    address syntax from localhost[127.0.0.1] in MAIL command:
    <A <[hidden email]>>

This will not block all possible bad inputs. The behavior with
incorrect input is undefined.

        Wietse
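
One way a milter could decline to trust an address like the one in this thread, shown as an added example that is not code from either poster or from Postfix: it classifies the address string the milter is handed and accepts only a plain dot-atom local part for alias-ownership decisions. The function names and the "suspicious" heuristic are assumptions, and the example.com addresses are constructed.

```python
import re

# RFC 5322 "atext": characters allowed in an unquoted (dot-atom) local part.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN = re.compile(rf"{LABEL}(?:\.{LABEL})*")
# Header punctuation that is legal inside a quoted local part but is far more
# likely to come from a display name than from a real mailbox name.
SUSPICIOUS = set('<>()[],;: \t"\\')


def split_addr_spec(addr):
    """Return (local, domain, was_quoted), or None if addr is not an addr-spec."""
    if addr.startswith('"'):
        i = 1
        while i < len(addr) and addr[i] != '"':
            i += 2 if addr[i] == "\\" else 1  # step over a quoted-pair
        if i >= len(addr) or addr[i + 1:i + 2] != "@":
            return None  # unterminated quote, or no "@" right after it
        return addr[1:i], addr[i + 2:], True
    local, at, domain = addr.rpartition("@")
    return (local, domain, False) if at else None


def classify(addr):
    """Return 'plain', 'quoted', 'suspicious' or 'invalid' for an address."""
    parts = split_addr_spec(addr)
    if parts is None:
        return "invalid"
    local, domain, quoted = parts
    if not DOMAIN.fullmatch(domain):
        return "invalid"
    if not quoted:
        return "plain" if DOT_ATOM.fullmatch(local) else "invalid"
    if not local:
        return "invalid"
    # Syntactically valid, but header punctuation inside the quotes suggests
    # a display name was folded into the local part (heuristic, assumption).
    return "suspicious" if SUSPICIOUS & set(local) else "quoted"


def may_use_for_alias_check(addr):
    """Only a plain dot-atom address is trusted for ownership decisions."""
    return classify(addr) == "plain"
```
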