[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Virtusertable, SiteAdmins and accept-email-for-domain...
- Subject: [cobalt-users] Virtusertable, SiteAdmins and accept-email-for-domain...
- From: Jan P Tietze <jptietze@xxxxxxxxxxx>
- Date: Wed Jul 12 03:13:25 2000
Hello everyone, hi Jeff ;-),
the RaQ's implementation of the accept-email-for-domain feature seems a bit
broken to me. I will explain why, including how to fix it.
Imagine you are hosting two or more domains, goodguy.com and badguy.com. Lou is
the site administrator of badguy.com, and would like to be able to masquerade as
someone from the sales department at goodguy.com. goodguy.com is set to accept
email for domain (<user>@goodguy.com), and some virtusertable aliases are
defined in goodguy.com through the GUI. The virtusertable then looks like this:
webmaster@xxxxxxxxxxxxxxx goodguy
# accept-email-for-domain routes
@goodguy.com %1@xxxxxxxxxxxxxxx
Fine! Email messages for webmaster@xxxxxxxxxxx are then rewritten to
webmaster@xxxxxxxxxxxxxxx for which a virtusertable entry exists, so that final
delivery is attempted to the local user goodguy (usernames can be regarded as
distinguished names for mailboxes).
If Lou of badguy.com wishes to masquerade as the sales department of
goodguy.com, he simply creates a site user "sales". The relevant entries in the
virtusertable look like this now:
webmaster@xxxxxxxxxxxxxxx goodguy
sales@xxxxxxxxxxxxxx sales
# accept-email-for-domain routes
@goodguy.com %1@xxxxxxxxxxxxxxx
Note that "sales" is the distinguished name (username) of a badguy.com site
user.
What happens if a message arrives for sales@xxxxxxxxxxx?
The message recipient is rewritten to sales@xxxxxxxxxxxxxxxx Since this is the
local machine, and no further virtusertable mapping can be done, delivery is
attempted to the RaQ3's local user "sales".
Thus, a badguy.com user is able to masquerade as someone from another domain
hosted on the same RaQ, which can potentially cause trouble.
This can be prevented easily by adding the last two rules to the virtusertable:
webmaster@xxxxxxxxxxxxxxx goodguy
sales@xxxxxxxxxxxxxx sales
# accept-email-for-domain routes
@goodguy.com %1@xxxxxxxxxxxxxxx
# custom additions below
@www.goodguy.com error:nouser. No such user for this domain.
@www.badguy.com error:nouser. No such user for this domain.
Of course, the "error" lines should not only be added for these two domains, but
for every single domain hosted on the RaQ. This way, undefined e-mail alias
names in a domain will be rejected, instead of delivered locally to a user of
the same name.
Another way to fix this would be to create catch-all entries for
@www.goodguy.com and @www.badguy.com, in case you do not want messages rejected
but delivered to the right sites' users.
Cobalt is working on a fix.
Jan Tietze <jptietze@xxxxxxxxxxx>