I'm using Postfix virtual mailboxes and virtual aliases. Aliases are
stored in an LDAP table:
# main.cf
virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf
If I send mail to an alias address, for instance <alias@example.com>,
everything works fine.
If I send mail to that alias but add a leading space, i.e.
" alias@example.com", Postfix accepts the mail, as you can see in the
following telnet session to my SMTP server:
220 prova.meteor.meteor ESMTP Postfix
mail from:<aaa>
250 2.1.0 Ok
rcpt to:<" alias@example.com">
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
.
250 2.0.0 Ok: queued as DE5E41D554
After queuing the email, Postfix bounces it, and in the mail log I can see:
May 3 17:31:13 prova postfix/virtual[8450]: DE5E41D554: to=< alias@example.com>, relay=virtual, delay=32, delays=32/0.01/0/0.07, dsn=5.1.1, status=bounced (unknown user: " alias@example.com")
In my opinion this is odd behavior: Postfix should not accept mail
and bounce it afterward.
Postfix should either reject the mail at the RCPT TO stage, or accept it and
then deliver it properly, performing alias expansion after removing extra
spaces from the recipient address.
If an attacker sends mail to " alias@example.com", he can generate a lot
of back-scattering spam.
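
Added example, not part of the original post: a log check that finds mail accepted over SMTP and then bounced after queuing with dsn=5.1.1, grouped by submitting client, and flags recipients containing whitespace. The bounce line is the one quoted above; the smtpd "client=" lines, the second and third queue IDs and the IP addresses are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample: the bounce line from the post plus invented smtpd/virtual lines.
SAMPLE_LOG = """\
May 3 17:30:41 prova postfix/smtpd[8440]: DE5E41D554: client=unknown[192.0.2.10]
May 3 17:31:13 prova postfix/virtual[8450]: DE5E41D554: to=< alias@example.com>, relay=virtual, delay=32, delays=32/0.01/0/0.07, dsn=5.1.1, status=bounced (unknown user: " alias@example.com")
May 3 17:32:02 prova postfix/smtpd[8441]: A1B2C3D4E5: client=unknown[192.0.2.10]
May 3 17:32:03 prova postfix/virtual[8451]: A1B2C3D4E5: to=< alias@example.com>, relay=virtual, delay=0.5, delays=0.4/0.01/0/0.09, dsn=5.1.1, status=bounced (unknown user: " alias@example.com")
May 3 17:33:10 prova postfix/smtpd[8442]: F00D123456: client=mail.example.net[198.51.100.7]
May 3 17:33:11 prova postfix/virtual[8452]: F00D123456: to=<user@example.com>, relay=virtual, delay=0.2, delays=0.1/0.01/0/0.09, dsn=2.0.0, status=sent (delivered to maildir)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
CLIENT = re.compile(r"client=\S*\[([^\]]+)\]")
DELIVERY = re.compile(r"to=<([^>]*)>.*dsn=(\d\.\d+\.\d+), status=(\w+)")


def post_queue_bounces(log_text):
    """Return {client_ip: [(queue_id, recipient, has_whitespace), ...]} for
    mail that was accepted over SMTP and later bounced with dsn=5.1.1."""
    clients = {}               # queue ID -> IP of the client that submitted it
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        service, qid, rest = m.groups()
        if service == "smtpd":
            c = CLIENT.search(rest)
            if c:
                clients[qid] = c.group(1)
            continue
        d = DELIVERY.search(rest)
        if d and d.group(2) == "5.1.1" and d.group(3) == "bounced":
            rcpt = d.group(1)
            has_ws = any(ch.isspace() for ch in rcpt)
            hits[clients.get(qid, "unknown")].append((qid, rcpt, has_ws))
    return dict(hits)


if __name__ == "__main__":
    for ip, rows in post_queue_bounces(SAMPLE_LOG).items():
        print(ip, len(rows), rows)
```

A client with many such entries is one whose messages are producing bounce notifications to whatever envelope sender it supplied.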