RH:CVE-2020-12063 (CVE-2020-12063)
Source: Red Hat, access.redhat.com
Published: Jun 19, 2020, 05:25

EPSS: 0.001 (Low), percentile 38.8%

For some Postfix configurations, a remote user can send e-mail pretending to be someone else (or even as a non-existent user name containing homoglyph characters). One of the problems discussed is that the Postfix parameters "smtpd_sender_login_maps" and "smtpd_sender_restrictions" appear useless, because they only take effect for authenticated users; an attacker could get around them by sending e-mail anonymously (without authenticating) to any local user. The described issue should not be considered a security issue, so it is "DISPUTED".

Mitigation

The described problem can be prevented by using the Postfix parameter check_sender_access (part of smtpd_sender_restrictions) for the domains this server receives mail for, returning the reject_unverified_sender action for each of those domains. reject_unverified_sender makes Postfix probe whether the MAIL FROM address is actually deliverable before accepting the message, so sender addresses in the listed domains that do not exist (including look-alike spellings of real users) are rejected even when the client has not authenticated; the probe results are cached in the address verification database (address_verify_map), so the cost is paid once per address rather than per message.

The related part of postfix configuration example:

smtpd_sender_login_maps = texthash:/etc/postfix/sender_login
smtpd_sender_restrictions =
    check_sender_access texthash:/etc/postfix/sender_access
    reject_sender_login_mismatch
    reject_unknown_sender_domain

and the content of the file /etc/postfix/sender_access would be (the key is matched against the domain part of the MAIL FROM address, and with the default parent_domain_matches_subdomains setting also against its subdomains):

mail.mydomain.com reject_unverified_sender

and the content of the file /etc/postfix/sender_login would map each sender address to the SASL login name(s) allowed to use it, for example:

[email protected] [email protected]
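The following added example is not part of the Red Hat advisory or of Postfix itself. It models in Python how smtpd walks the restriction list above, in order, for the scenarios in the description: an authenticated user sending as the address they own, an anonymous client using a listed address, and an anonymous client using a look-alike address that is not listed in sender_login. DNS resolution and the address-verification probe that reject_unverified_sender performs are replaced by constructed lookup tables; the domain key mydomain.com, the mailboxes alice and bob, the login names, and the exact-key lookup for sender_login are assumptions made for the example. It also shows the unmitigated list (without check_sender_access) so the gap the mitigation closes is visible.

```python
"""Simplified model of Postfix smtpd_sender_restrictions evaluation.

Added example, not Postfix code. Lookup tables below are constructed
stand-ins for the files in the advisory, for DNS, and for the
address-verification probe.
"""
from typing import Callable, Dict, Optional, Set

# Constructed stand-in for /etc/postfix/sender_access: lookup key -> action.
# The advisory keys "mail.mydomain.com"; here the bare receiving domain is
# used (assumption) so subdomain matching can be shown.
SENDER_ACCESS: Dict[str, str] = {"mydomain.com": "reject_unverified_sender"}

# Constructed stand-in for /etc/postfix/sender_login: address -> owning logins.
SENDER_LOGIN: Dict[str, Set[str]] = {"alice@mydomain.com": {"alice@mydomain.com"}}

# Constructed stand-ins for DNS (which domains resolve) and for the probe
# result of reject_unverified_sender (which mailboxes exist).
RESOLVABLE_DOMAINS: Set[str] = {"mydomain.com", "example.net"}
EXISTING_MAILBOXES: Set[str] = {"alice@mydomain.com", "bob@mydomain.com"}

Verdict = Optional[str]                      # None means "no decision, continue"
Restriction = Callable[[str, Optional[str]], Verdict]


def access_lookup(sender: str) -> Optional[str]:
    """access(5) lookup order for an address: the full address, then the
    domain and each parent domain, then the bare local part as 'user@'."""
    local, _, domain = sender.partition("@")
    labels = domain.split(".")
    keys = [sender] + [".".join(labels[i:]) for i in range(len(labels))] + [local + "@"]
    for key in keys:
        if key in SENDER_ACCESS:
            return SENDER_ACCESS[key]
    return None


def reject_unverified_sender(sender: str, login: Optional[str]) -> Verdict:
    """Stands in for the delivery probe: reject when the mailbox does not exist."""
    return None if sender in EXISTING_MAILBOXES else "REJECT: unverified sender"


ACTIONS: Dict[str, Restriction] = {"reject_unverified_sender": reject_unverified_sender}


def check_sender_access(sender: str, login: Optional[str]) -> Verdict:
    """Apply the action the access table returns for this sender, if any."""
    action = access_lookup(sender)
    return ACTIONS[action](sender, login) if action else None


def reject_sender_login_mismatch(sender: str, login: Optional[str]) -> Verdict:
    owners = SENDER_LOGIN.get(sender)        # exact-key lookup only (simplification)
    if login is None:
        # Unauthenticated client: rejected only if the address has a listed owner.
        # An unlisted look-alike address therefore passes this check.
        return "REJECT: sender login mismatch" if owners else None
    # Authenticated client: the login must be one of the address's owners.
    return None if owners and login in owners else "REJECT: sender login mismatch"


def reject_unknown_sender_domain(sender: str, login: Optional[str]) -> Verdict:
    domain = sender.rpartition("@")[2]
    return None if domain in RESOLVABLE_DOMAINS else "REJECT: unknown sender domain"


# Restriction lists in the order smtpd evaluates them; the first verdict wins.
UNMITIGATED = [reject_sender_login_mismatch, reject_unknown_sender_domain]
MITIGATED = [check_sender_access] + UNMITIGATED   # the advisory's configuration


def evaluate(sender: str, login: Optional[str] = None, mitigated: bool = True) -> str:
    """Return 'OK' or the first rejection produced for this MAIL FROM."""
    for restriction in (MITIGATED if mitigated else UNMITIGATED):
        verdict = restriction(sender, login)
        if verdict:
            return verdict
    return "OK"


if __name__ == "__main__":
    # Constructed sessions: (MAIL FROM, SASL login or None for anonymous)
    sessions = [
        ("alice@mydomain.com", "alice@mydomain.com"),   # owner, authenticated
        ("alice@mydomain.com", None),                   # anonymous, listed address
        ("a1ice@mydomain.com", None),                   # anonymous, look-alike address
        ("bob@mydomain.com", "alice@mydomain.com"),     # authenticated, not the owner
        ("someone@example.net", None),                  # ordinary inbound mail
    ]
    for sender, login in sessions:
        print(f"{sender:22} login={login!s:20} "
              f"unmitigated={evaluate(sender, login, False):32} "
              f"mitigated={evaluate(sender, login, True)}")
```

The look-alike address is the case the description calls out: without check_sender_access it is accepted because reject_sender_login_mismatch only fires for addresses that have a listed owner, while the mitigated list rejects it because the probe finds no such mailbox. Inbound mail from other domains is unaffected, since no access-table entry matches them.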
