Majic Ansible Roles / Closed Feature request MAR-195 Prevent forging of sender addresses
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Feature request
  • Category
    Security
  • Targeted for
    8.0.0
  • Status
    Closed
  • Priority
    Critical
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Times and dates
  • Estimated time
    2 hours
  • Time spent
    3 hours, 30 minutes
Issue details
  • Resolution
    RESOLVED
Description

The mail_server role implements full functionality for setting up an SMTP/IMAP server. The implementation requires users to authenticate when using both SMTP and IMAP.

However, the way the mail server (Postfix) is currently set up, it is trivial for an authenticated user to provide any e-mail address as the sender - there is no validation of whether the logged-in user's e-mail address matches the sender address advertised by the mail client.

This type of forging can be easily prevented through additional configuration.

The following should be done:

  • Update the mail_server role.
    • Configure Postfix to prevent forging of sender addresses for logged-in users. For implementation see the Protecting against forged sender addresses section of the workaround.org guide.
  • Update role reference documentation.
  • Update usage instructions.
  • Update release notes.
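
One way to check a Postfix configuration for the sender/login binding this issue asks for, as an added example (not code from the mail_server role or the workaround.org guide). It assumes `postconf -n`-style input; the two sample configurations and the map path in them are constructed.

```python
import re

# Postfix restrictions that compare MAIL FROM with the SASL login
# for authenticated clients (the case described in this issue).
BINDS_AUTHENTICATED = {"reject_sender_login_mismatch",
                       "reject_authenticated_sender_login_mismatch"}
RESTRICTION_LISTS = ("smtpd_client_restrictions", "smtpd_helo_restrictions",
                     "smtpd_sender_restrictions", "smtpd_relay_restrictions",
                     "smtpd_recipient_restrictions", "smtpd_data_restrictions")

def parse_postconf(text):
    """Parse 'name = value' lines, joining indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def audit_sender_binding(text):
    """Return a list of findings; an empty list means the binding is configured."""
    params, findings, used = parse_postconf(text), [], set()
    if not params.get("smtpd_sender_login_maps"):
        findings.append("smtpd_sender_login_maps is empty: no lookup table "
                        "ties sender addresses to logins")
    for name in RESTRICTION_LISTS:
        used.update(re.split(r"[,\s]+", params.get(name, "")))
    if not used & BINDS_AUTHENTICATED:
        findings.append("no restriction list rejects a sender/login mismatch "
                        "for authenticated clients")
    return findings

# Constructed samples: authentication only, then with the binding added.
BEFORE = """smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
"""
AFTER = """smtpd_sasl_auth_enable = yes
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_unauth_destination
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_sender_binding(conf) or "sender binding configured")
```

The check reads main.cf-style parameters only, so per-service `-o` overrides in master.cf need a separate look. Postfix evaluates each restriction list in order, so also confirm that no `permit_sasl_authenticated` precedes the mismatch restriction within the same list.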