how to prevent post-auth sender spoofing

From: Josephus <josephus_at_josephus.hu>
Date: Fri, 28 May 2010 04:58:18 +0200

Hi,

I'm trying to deploy DKIM into a multi/virtual-domain environment where
users send emails via SASL authentication. A common MTA setup doesn't
check the sender address after the authentication is done. Once I'm
authenticated I can send mails using anything as the sender.
So once a user is allowed to send, they would select an email address
that's also on the system (on someone else's domain), and the message will
be signed with DKIM, because the sender domain matches a key in the
database. The receiving end will trust the DKIM signature; however, the
whole message was forged from the beginning.
I know it's not really a DKIM issue, but you might have dealt with the
situation before. Using Postfix I have thought about restricting sender
addresses to the SASL authenticated username, but that would kill the
feature where you can set up multiple identities in your MUA for all
your aliases.
Not to mention that we have some internal hosts for which we do not
require authentication (such as webservers).

Thanks for your advice
Jos.
Received on Fri May 28 2010 - 02:58:39 PST
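
Added example (not part of the original message, and not code from any MTA or DKIM project): a small model of a sender-ownership check placed in front of the signer, where each sender address maps to the set of logins allowed to use it, so aliases keep working while another customer's address is refused. This is the same address-to-owner lookup idea as Postfix's smtpd_sender_login_maps; all addresses, logins, IP ranges and function names below are constructed assumptions.

```python
import ipaddress

# Constructed sample data: sender address -> SASL logins allowed to use it.
SENDER_OWNERS = {
    "alice@example.com": {"alice"},
    "sales@example.com": {"alice", "bob"},   # shared alias, two owners
    "carol@example.net": {"carol"},          # another customer's domain
}
# Constructed: unauthenticated internal hosts and the domains each may send for.
TRUSTED_HOSTS = {
    ipaddress.ip_network("192.0.2.10/32"): {"example.com"},  # e.g. a webserver
}
# Constructed: domains for which a DKIM key exists in the key database.
SIGNING_DOMAINS = {"example.com", "example.net"}


def may_send_as(sender, sasl_login=None, client_ip=None):
    """Return True if this client is authorized to use `sender`.

    Assumption: `sender` is whichever address selects the signing key
    (envelope sender or From: header); apply the check to that address.
    """
    sender = sender.strip().lower()
    if sender.count("@") != 1:
        return False
    domain = sender.rsplit("@", 1)[1]
    if sasl_login is not None:
        # Authenticated user: must be a listed owner of this exact address.
        return sasl_login in SENDER_OWNERS.get(sender, set())
    if client_ip is not None:
        # Unauthenticated internal host: limited to its assigned domains.
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net and domain in doms
                   for net, doms in TRUSTED_HOSTS.items())
    return False


def should_sign(sender, sasl_login=None, client_ip=None):
    """Sign only if the sender is authorized and its domain has a key."""
    domain = sender.strip().lower().rsplit("@", 1)[-1]
    return (may_send_as(sender, sasl_login, client_ip)
            and domain in SIGNING_DOMAINS)
```

A mismatch should normally lead to rejecting the message at submission time rather than relaying it unsigned, since an unsigned forgery from the same server is still a forgery.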
