Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 249779 - smtp server does not check the sender address.
Summary: smtp server does not check the sender address.
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-04 10:37 UTC by Christian Ruppert (idl0r)
Modified: 2008-12-04 22:49 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Ruppert (idl0r) gentoo-dev 2008-12-04 10:37:46 UTC 
<snip>
Delivered-To: spooky85@gmail.com
Received: by 10.150.219.21 with SMTP id r21cs2708ybg;
        Wed, 3 Dec 2008 23:03:19 -0800 (PST)
Received: by 10.142.241.10 with SMTP id o10mr5771602wfh.112.1228374198418;
        Wed, 03 Dec 2008 23:03:18 -0800 (PST)
Return-Path: <amd64@gentoo.org>
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
        by mx.google.com with ESMTP id 28si1135551wfd.14.2008.12.03.23.03.13;
        Wed, 03 Dec 2008 23:03:18 -0800 (PST)
Received-SPF: pass (google.com: domain of amd64@gentoo.org designates 140.211.166.183 as permitted sender) client-ip=140.211.166.183;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of amd64@gentoo.org designates 140.211.166.183 as permitted sender) smtp.mail=amd64@gentoo.org
Received: by smtp.gentoo.org (Postfix)
	id 20BF664A10; Thu,  4 Dec 2008 07:03:13 +0000 (UTC)
Delivered-To: amd64@gentoo.org
Received: from localhost (localhost [127.0.0.1])
	by smtp.gentoo.org (Postfix) with ESMTP id 5534664804
	for <amd64@gentoo.org>; Thu,  4 Dec 2008 07:03:12 +0000 (UTC)
X-Virus-Scanned: amavisd-new at gentoo.org
X-Spam-Flag: YES
X-Spam-Score: 24.465
X-Spam-Level: ************************
X-Spam-Status: Yes, score=24.465 required=5.5 tests=[BAYES_99=3.5,
	DCC_CHECK=2.17, DIGEST_MULTIPLE=0.001, HTML_IMAGE_ONLY_04=2.041,
	HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_1=0.001, MIME_HTML_ONLY=1.457,
	PYZOR_CHECK=3.7, RAZOR2_CF_RANGE_51_100=0.5,
	RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
	RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905,
	RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_NONE=0.1,
	TVD_SPACE_RATIO=2.219]
Received: from smtp.gentoo.org ([127.0.0.1])
	by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id FU+uNskdCwwI for <amd64@gentoo.org>;
	Thu,  4 Dec 2008 07:03:12 +0000 (UTC)
Received: from 85-250-127-222.bb.netvision.net.il (85-250-127-222.bb.netvision.net.il [85.250.127.222])
	by smtp.gentoo.org (Postfix) with SMTP id AAFCF647C9
	for <amd64@gentoo.org>; Thu,  4 Dec 2008 07:03:08 +0000 (UTC)
To: <amd64@gentoo.org>
Subject: Re: Order status
From: <amd64@gentoo.org>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Message-Id: <20081204070308.AAFCF647C9@smtp.gentoo.org>
Date: Thu,  4 Dec 2008 07:03:08 +0000 (UTC)

spam...
</snip>

i think postfix should check the sender address if it contains local domains/addresses and drop the connection if the sender isn't authenticated.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-12-04 22:49:06 UTC 
No. Because that would require every developer and alias to be forcibly relayed via mail.gentoo.org, which is not an option for many people behind firewalls.

Our new mail stuff, when I get around to it, will be blocking more of the spam when it's inbound at g.o, before passing it on.