pigeonhole question: filtering on delivered-to in case of fetchmail

Trever L. Adams trever at middleearth.sapphiresunday.org
Tue Jul 16 03:11:10 EEST 2019 

So, one of the problems I am seeing is that people are trying to fake
users into revealing information by sending from an outside domain but
with an internal reply to address and claiming to be administration, IT
or what not.

I can set up something that will reject if from is outside the domain by
reply to is internal. The problem is in some setups, there are fetchmail
setups. I do not want to reject these with a message. Which is what I am
currently doing for the others. Maybe I should discard them all without
rejecting.

However, my question is this:

Since such fetchmail messages will usually end up with two (at least
two?!?) Delivered-To headers, one for the fetchmail delivery and one for
the original target address's/system's delivery is it possible to do
something like this and have it work?


require ["fileinto", "regex","reject"];
if address :regex "Reply-To" ".*@<%= @name -%>" {
    if not address :regex "From" ".*@<%= @name -%>" {
        if not header :regex "Delivered-To" " .*@<%= @name -%> {
                    reject "We do not allow emails from outside our
system to give Reply-To into our system!";
                    stop;
        }
    }
}

Please, not the <% =@name -%> is just that this is from a puppet module
I use to maintain these systems. It is the domain name for the mail
system. An example would be .*@middleearth.sapphiresunday.org here.

Thank you for any help in figuring this out.

The reason I want a reject in the case of non-fetchmail email is to let
users know if they try to do it (as many have multiple email accounts)
and may try it. But in fetchmail cases, no need to leak to the outside
world that users are doing fetchmail and what their account is in the
other system.

Thank you.

Trever


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190715/8142b4b7/attachment.sig>

More information about the dovecot mailing list