Majic Projects ~ [CLOSED] MAR-195 - Prevent forging of sender addresses

Majic Projects

Majic Ansible Roles

Projects
Wiki
- Quick links
- Wiki
- Project wikis
- Conntrackt
- Django Pydenticon
- Gimmecert
- Majic Ansible Roles
- Pydenticon
- Scripts
- Global content

You are not logged in

Majic Ansible Roles / Closed Feature request MAR-195 Prevent forging of sender addresses

Votes

There are no more issues in that direction.

This issue has been closed with status "Closed" and resolution "RESOLVED".

- No additional actions available

Issue basics

Type of issue

Feature request Unknown issue type
Issue label

No label set
Category

Security Not determined
Targetted for

8.0.0 Not determined
Status

Closed

Status not determined
Progress
Priority

Critical Not determined

Affected by this issue (0)

There are no items

People involved

Posted by
branko (@branko)

Branko Majic
@branko

Last seen online at Sep 29, 2024 - 18:46

Show user details
Owned by

Not owned by anyone
Assigned to
branko (@branko)

Branko Majic
@branko

Last seen online at Sep 29, 2024 - 18:46

Show user details
Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

Feb 08, 2024
Last updated

Feb 19, 2024
Estimated time

2 hours Not estimated
Time spent

3 hours, 30 minutes No time spent

Click here to see time logged against this issue

Issue details

Resolution

RESOLVED Not determined
Reproducability

Not determined
Severity

Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

The mail_server role implements full functionality for setting-up an SMTP/IMAP server. The implementation requires user to authenticate both when using the SMTP and IMAP.

However, the way the mail server (Postfix) is currently set-up, it is trivial for authenticated user to provide any e-mail address as the sender - there is no validation on whether the logged-in user's e-mail address matches to the sender address advertised by the mail client.

This type of forging can be easily prevented through additional configuration.

The following should be done:

Update the mail_server role.
- Configure Postfix to prevent forging of sender addresses for logged-in users. For implementation se the Protecting against forged sender addresses section of the workaround.org guide.
Update role reference documentation.
Update usage instructions.
Update release notes.

Todos (0 / 0)

Options

There are no comments

Welcome to The Bug Genie

Log in with your username and password