See #237 for context. Someone was able to bypass the fix by sending "from" the mail subdomain. Seems like any valid subdomain is affected by this.
I solved it by adding the line
echo "/^(.*)@(.*)\.$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" >> /etc/postfix/login_maps.pcre
below the previous line. This works for me since I don't have more than one level of subdomains, but there may be a better, more general-purpose solution.
How to reproduce:
openssl s_client -starttls smtp -connect mail.example.com:587 <<EOF
helo example.com
mail from:<admin@mail.example.com>
rcpt to:<user@example.com>
Data
From: <admin@mail.example.com>
To: <user@example.com>
Subject: Yo
This is a mail
.
quit
EOF
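An added example, not part of the original post or the project's code: a Python emulation of the first-match lookup that Postfix performs against login_maps.pcre, used to check which sender addresses get an owner with and without the subdomain rule above. The function names and sample addresses are constructed, example.com is the post's placeholder domain, and the apex rule is assumed to have the same form as the added line minus the subdomain group.

```python
import re

DOMAIN = "example.com"  # placeholder domain, as in the post


def build_rules(domain, with_subdomain_rule):
    """Return (compiled pattern, result template) pairs in file order."""
    d = re.escape(domain)  # escapes every dot in the domain
    rules = [(rf"^(.*)@{d}$", "${1}")]  # assumed form of the "previous line"
    if with_subdomain_rule:
        rules.append((rf"^(.*)@(.*)\.{d}$", "${1}"))  # line added in the post
    # Postfix pcre tables match case-insensitively by default.
    return [(re.compile(p, re.IGNORECASE), t) for p, t in rules]


def owner_for(sender, rules):
    """First matching rule wins; None means the table lists no owner."""
    for pattern, template in rules:
        m = pattern.search(sender)
        if m:
            # Expand ${n} in the result the way the table does.
            return re.sub(r"\$\{(\d+)\}",
                          lambda g: m.group(int(g.group(1))), template)
    return None


def uncovered(senders, rules):
    """Senders for which the table names no owner login."""
    return [s for s in senders if owner_for(s, rules) is None]


# Constructed sample senders.
SENDERS = [
    "admin@example.com",             # apex domain
    "admin@mail.example.com",        # subdomain used in the report
    "admin@a.b.example.com",         # deeper subdomain
    "admin@notexample.com",          # different domain, must stay unmatched
    "admin@example.com.other.test",  # different domain, must stay unmatched
]

if __name__ == "__main__":
    for label, flag in (("apex rule only", False), ("with subdomain rule", True)):
        rules = build_rules(DOMAIN, flag)
        print(label)
        for s in SENDERS:
            print(f"  {s:32} -> {owner_for(s, rules)}")
```

On the server itself, `postmap -q admin@mail.example.com pcre:/etc/postfix/login_maps.pcre` runs the real lookup against the deployed table.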