Re: how to prevent post-auth sender spoofing

From: Daniel Black <daniel.subs_at_internode.on.net>
Date: Wed, 16 Jun 2010 13:44:20 +1000

On Saturday 29 May 2010 12:27:01 Daniel Black wrote:
> On Friday 28 May 2010 12:58:18 Josephus wrote:
> > Hi,
> >
> > I'm trying to deploy dkim into a multi/virtualdomain environment where
> > users send emails via sasl authentication. A common MTA setup doesn't
> > check for sender address after the authentication is done.
>
> are you talking about the From: header field or the envelope address?
>
> Envelope is easy to deal with in the MTA (as below).
>
> > Once I'm
> > authenticated I can send mails using anything as the sender.
> > So once a user is allowed to send, they would select an email address
> > that's also on the system (on someone else's domain), the message will
> > be signed with dkim, because the sender domain matches a key in the
> > database. The receiving end will trust in the dkim signature however the
> > whole message was forged from the beginning.

Given the complexity of a solution here perhaps a new feature is called for.

opendkim.conf.5
"SignStrict (from|sender|all|none) (default none)

When set to something other than 'none', the signature will only be applied if
the envelope sender matches the From, Sender, or both (From and Sender) header
fields."

Good/Bad/Ugly?

I'll write it up as a FFR after feedback.

Daniel
Received on Wed Jun 16 2010 - 04:03:00 PST
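
Added example, not part of the original message and not OpenDKIM code: a sketch of the sign/don't-sign decision the proposed SignStrict option describes. It assumes the MTA already restricts the envelope sender to the authenticated user, that "matches" means a case-insensitive comparison of the full address, and that a repeated or multi-mailbox header counts as no match; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Header fields each proposed SignStrict mode compares with the envelope sender.
MODE_FIELDS = {"none": [], "from": ["From"], "sender": ["Sender"],
               "all": ["From", "Sender"]}

def single_address(msg, field):
    """Return the one lowercased address in `field`, or None if ambiguous."""
    values = msg.get_all(field, [])
    addrs = [addr for _name, addr in getaddresses(values) if addr]
    # A repeated header or several mailboxes cannot be matched safely.
    if len(values) != 1 or len(addrs) != 1:
        return None
    return addrs[0].lower()

def should_sign(mode, envelope_sender, raw_message):
    """Decide whether to sign under the proposed SignStrict semantics."""
    if mode not in MODE_FIELDS:
        raise ValueError("unknown SignStrict mode: %r" % mode)
    if mode == "none":
        return True  # default: no restriction
    env = envelope_sender.strip().strip("<>").lower()
    if not env:
        return False  # null reverse-path (bounce) matches nothing
    msg = message_from_string(raw_message)
    return all(single_address(msg, f) == env for f in MODE_FIELDS[mode])

# Constructed sample messages (example.* domains are placeholders).
HONEST = "From: Alice <alice@a.example>\nSubject: hi\n\nbody\n"
FORGED = "From: Bob <bob@b.example>\nSubject: hi\n\nbody\n"
DISPLAY_TRICK = 'From: "alice@a.example" <bob@b.example>\nSubject: hi\n\nbody\n'
WITH_SENDER = "From: Alice <alice@a.example>\nSender: alice@a.example\n\nbody\n"

if __name__ == "__main__":
    for label, raw in [("honest", HONEST), ("forged", FORGED),
                       ("display-trick", DISPLAY_TRICK)]:
        print(label, should_sign("from", "alice@a.example", raw))
```

The display-name case shows why the comparison has to use the parsed mailbox rather than a substring search of the header value.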