Preventing From: address spoofing #498

jchristgit · 2024-08-25T18:39:00Z

Currently services can send e-mails as users, and vice versa. Users can also
send e-mails as other users.

We should validate that the user sending an e-mail owns the address (can also be
an alias) before being able to send.

Most likely, we can use Postfix's smtpd_sender_login_maps for this.

The text was updated successfully, but these errors were encountered:

jb3 · 2024-09-07T13:04:22Z

To handle this, we need to:

Handle a user sending from their own account ([email protected])
Handle a user sending from a domain alias ([email protected])
Handle a user sending as a group they are a member of ([email protected])
Allow services to send as any @int.pydis.wtf address OR a granted address (e.g. [email protected])

jchristgit added component: email Issues relating to our email forwarding system, hosted on our netcup machines. group: ansible Issues and pull requests related to the Ansible setup labels Aug 25, 2024

github-project-automation bot added this to Infrastructure Aug 25, 2024

github-project-automation bot moved this to Up next in Infrastructure Aug 25, 2024

python-discord deleted a comment Aug 26, 2024

python-discord locked as spam and limited conversation to collaborators Aug 26, 2024

python-discord unlocked this conversation Sep 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Preventing From: address spoofing #498

Preventing From: address spoofing #498

jchristgit commented Aug 25, 2024

jb3 commented Sep 7, 2024

Preventing From: address spoofing #498

Preventing From: address spoofing #498

Comments

jchristgit commented Aug 25, 2024

jb3 commented Sep 7, 2024