Re: how to prevent post-auth sender spoofing

From: Daniel Black <>
Date: Wed, 16 Jun 2010 13:44:20 +1000

On Saturday 29 May 2010 12:27:01 Daniel Black wrote:
> On Friday 28 May 2010 12:58:18 Josephus wrote:
> > Hi,
> >
> > I'm trying to deploy dkim into a multi/virtualdomain environment where
> > users send emails via sasl authentication. A common MTA setup doesn't
> > check for sender address after the authentication is done.
> are you talking about the From: header field or the envelope address?
> Envelope is a easy to deal with in the MTA (as below).
> > Once I'm
> > authenticated I can send mails using anything as the sender.
> > So once a user is allowed to send, they would select an email address
> > that's also on the system (on someone else's domain), the message will
> > be signed with dkim, because the sender domain matches a key in the
> > database. The receiving end will trust in the dkim signature however the
> > whole message was forged from the beginning.

Given the complexity of a solution here perhaps a new feature is called for.

"SignStrict (from|sender|all|none) (default none)

When set to something other than 'none', the signature will only be applied if
the envelope sender matches the From, Sender, both (From and Sender) header


I'll write it up as a FFR after feedback.

Received on Wed Jun 16 2010 - 04:03:00 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:47 PST