Bug 29615 - postfix listfilter.py checks (ONLY) the sender address, not the login name
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail
UCS 3.0
Other Linux
P5 normal
UCS 4.1-0-errata
Assigned To: Daniel Tröder
Sönke Schwardt-Krummrich
Depends on:
Blocks: 41055 44760
Reported: 2012-12-06 16:38 CET by Felix Botner
Modified: 2017-06-12 12:20 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.069
Enterprise Customer affected?: Yes
Description Felix Botner univentionstaff 2012-12-06 16:38:38 CET
listfilter.py checks only the sender address of a mail to determine whether the sender is authorized.

However, the sender address is not sufficient information to verify the sender. Instead, listfilter.py would have to check "sasl_username". Then the SASL login name is checked.
Comment 1 Kevin Dominik Korte univentionstaff 2013-04-04 09:23:40 CEST
It is possible to use the following mail/postfix/smtpd/restrictions/recipient/* variables
ucr set mail/postfix/smtpd/restrictions/recipient/45=reject_sender_login_mismatch 
or
ucr set mail/postfix/smtpd/restrictions/recipient/20=reject_unlisted_sender

More information can be found at http://www.postfix.org/postconf.5.html#check_sender_access
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2016-01-06 14:51:14 CET
listfilter.py should check "sasl_username" by default. And it should be possible to switch to the old behaviour (check of "sender") via UCR.
Comment 3 Daniel Tröder univentionstaff 2016-01-18 16:56:29 CET
Mailing list/mail groups filter now checks sasl_username instead of sender address by default.
With a new UCRV the behavior can be switched back: mail/postfix/policy/listfilter/use_sasl_username

Commit: 66856
YAML: 66857
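
Added example, not part of this bug report and not Univention's listfilter.py: a minimal Postfix policy-delegation decision showing why a check on "sender" accepts a forged envelope address while a check on "sasl_username" does not. The list table, the addresses, the function names and the use_sasl_username parameter are constructed for illustration, and login names are assumed to equal mail addresses.

```python
# Constructed sample data: restricted list address -> identities allowed to post.
ALLOWED = {"staff@example.test": {"alice@example.test"}}

def parse_request(text):
    """Parse one Postfix policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, use_sasl_username=True):
    """Return the policy reply line for a parsed request."""
    recipient = attrs.get("recipient", "").lower()
    allowed = ALLOWED.get(recipient)
    if allowed is None:
        return "action=DUNNO"  # not a restricted list, leave it to later restrictions
    # "sender" is whatever the client put in MAIL FROM; "sasl_username" is the
    # authenticated login and is empty when the client did not authenticate.
    key = "sasl_username" if use_sasl_username else "sender"
    identity = attrs.get(key, "").lower()
    if identity and identity in allowed:
        return "action=DUNNO"
    who = identity or "unauthenticated client"
    return "action=REJECT %s may not post to %s" % (who, recipient)

# Constructed requests: same forged sender, different authenticated logins.
SPOOFED = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
           "sender=alice@example.test\nrecipient=staff@example.test\n"
           "sasl_username=mallory@example.test\n\n")
GENUINE = SPOOFED.replace("mallory@", "alice@")
ANONYMOUS = SPOOFED.replace("sasl_username=mallory@example.test", "sasl_username=")

if __name__ == "__main__":
    for label, req in (("spoofed", SPOOFED), ("genuine", GENUINE),
                       ("anonymous", ANONYMOUS)):
        attrs = parse_request(req)
        print(label, "| sender check:", decide(attrs, use_sasl_username=False),
              "| sasl check:", decide(attrs))
```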
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2016-02-03 15:03:14 CET
OK: code change
OK: functional test
    Tested without restrictions and with user, group and both restrictions.
OK: YAML
Comment 5 Janek Walkenhorst univentionstaff 2016-02-04 14:00:28 CET
<http://errata.software-univention.de/ucs/4.1/87.html>