#580097 postfix-ldap: address aliases with leading space

Package: postfix-ldap
Source: postfix
Description: LDAP map support for Postfix
Submitter: Andrea Janna
Date: 2010-05-03 16:03:04 UTC
Severity: normal

#580097#5
Date: 2010-05-03 15:53:14 UTC
From:
To:

I'm using postfix virtual mailboxes and virtual aliases. Aliases are
stored in an LDAP table:
     # main.cf
     virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf
If I send mail to an alias address, for instance <alias@example.com>,
everything works fine.

If I send mail to that alias but add a leading space, i.e.
" alias@example.com", postfix accepts the mail, as you can see in the
following telnet session to my smtp server:
220 prova.meteor.meteor ESMTP Postfix
mail from:<aaa>
250 2.1.0 Ok
rcpt to:<" alias@example.com">
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
.
250 2.0.0 Ok: queued as DE5E41D554

After queuing the email, postfix bounces it, and in the mail log I can see:
May  3 17:31:13 prova postfix/virtual[8450]: DE5E41D554: to=< alias@example.com>, relay=virtual, delay=32, delays=32/0.01/0/0.07, dsn=5.1.1, status=bounced (unknown user: " alias@example.com")

In my opinion this is odd behavior: postfix should not accept mail
and bounce it afterward.
Postfix should either reject the mail at the RCPT TO stage, or accept it
and then deliver it properly, performing alias expansion after removing
extra spaces from the recipient address.
If an attacker sends mail to " alias@example.com" he can generate a lot
of back-scattering spam.
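
One way to spot the accept-then-bounce pattern described above in a mail log, as an added example that is not part of the original report or of Postfix: the script scans delivery-agent lines for 5.1.1 bounces issued after queuing and flags recipients with surrounding whitespace. The first sample line is the one from the report; the other lines and the names `late_bounces` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Matches a Postfix delivery-agent log line in the format shown in the report.
DELIVERY = re.compile(
    r"postfix/(?P<agent>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<rcpt>[^>]*)>,.*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+)"
)

def late_bounces(lines):
    """Return (qid, agent, recipient, padded) for every unknown-user bounce
    logged by a delivery agent, i.e. after the SMTP server had already
    answered 250 to RCPT TO and queued the message."""
    hits = []
    for line in lines:
        m = DELIVERY.search(line)
        if not m or m["status"] != "bounced" or m["dsn"] != "5.1.1":
            continue
        rcpt = m["rcpt"]
        padded = rcpt != rcpt.strip()  # leading or trailing whitespace
        hits.append((m["qid"], m["agent"], rcpt, padded))
    return hits

def summarize(lines):
    """Count late bounces and group them by whitespace-normalized recipient."""
    hits = late_bounces(lines)
    return {
        "late_bounces": len(hits),
        "padded": sum(1 for h in hits if h[3]),
        "by_rcpt": Counter(h[2].strip().lower() for h in hits),
    }

SAMPLE_LOG = [
    # Line from the report.
    'May  3 17:31:13 prova postfix/virtual[8450]: DE5E41D554: to=< alias@example.com>, relay=virtual, delay=32, delays=32/0.01/0/0.07, dsn=5.1.1, status=bounced (unknown user: " alias@example.com")',
    # Constructed lines: a normal delivery, a second padded bounce, a plain unknown user.
    'May  3 17:32:02 prova postfix/virtual[8450]: A1B2C3D4E5: to=<user@example.com>, relay=virtual, delay=0.2, delays=0.1/0.01/0/0.09, dsn=2.0.0, status=sent (delivered to maildir)',
    'May  3 17:33:40 prova postfix/virtual[8451]: F00DFACE01: to=< alias@example.com>, relay=virtual, delay=1.1, delays=1/0.01/0/0.09, dsn=5.1.1, status=bounced (unknown user: " alias@example.com")',
    'May  3 17:35:10 prova postfix/virtual[8451]: 0BADC0DE02: to=<nobody@example.com>, relay=virtual, delay=0.5, delays=0.4/0.01/0/0.09, dsn=5.1.1, status=bounced (unknown user: "nobody@example.com")',
]

if __name__ == "__main__":
    for qid, agent, rcpt, padded in late_bounces(SAMPLE_LOG):
        print(f"{qid} {agent} {rcpt!r} padded={padded}")
    print(summarize(SAMPLE_LOG))
```

A high count of padded recipients that normalize to an address which does exist is the signature of the case in this report, as opposed to ordinary unknown-user bounces.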