First Last Prev Next    This bug is not in your last search results.
Bug 48629 - Postfix allows to send mails even if no mailPrimaryAddress is specified in LDAP
Postfix allows to send mails even if no mailPrimaryAddress is specified in LDAP
Status: NEEDMOREINFO
Product: UCS
Classification: Unclassified
Component: Mail
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: Mail maintainers
Mail maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-02-07 16:44 CET by Sönke Schwardt-Krummrich
Modified: 2021-05-03 21:58 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2019-02-07 16:44:55 CET 
Currently postfix allows a SMTP login via $UID even if no mailPrimaryAddress is specified for that user object in LDAP. Like any other UCS user with mailPrimaryAddress, the user is able to send mails with an arbitrary sender address.
The respective user account can only be identified via the mail.log file but not via mail headers.
Comment 1 Ingo Steuwer univentionstaff 2019-05-17 08:55:01 CEST 
Would fixing Bug #40609 fix this, too?
Comment 2 Daniel Tröder univentionstaff 2019-05-17 11:17:56 CEST 
(In reply to Ingo Steuwer from comment #1)
> Would fixing Bug #40609 fix this, too?
Not sure about the current implementation, but it could be used to to prevent this scenario.
First Last Prev Next    This bug is not in your last search results.