Closed KiwiActinidia closed 1 year ago
Yes, this is a huge issue as your secret key can then be used by anyone.
That is because the postfix config is missing the postscreen reply map to hide the key.
`data/conf/postfix/main.cf` (or `extra.cf` as a temp. workaround until it gets fixed):

```
postscreen_dnsbl_reply_map = texthash:$config_directory/postscreen_dnsbl_reply_map
```

`data/conf/postfix/postscreen_dnsbl_reply_map` with:

```
YOUR_KEY.sbl.dq.spamhaus.net sbl.spamhaus.org
YOUR_KEY.xbl.dq.spamhaus.net xbl.spamhaus.org
YOUR_KEY.pbl.dq.spamhaus.net pbl.spamhaus.org
YOUR_KEY.zen.dq.spamhaus.net zen.spamhaus.org
YOUR_KEY.dbl.dq.spamhaus.net dbl.spamhaus.org
YOUR_KEY.zrd.dq.spamhaus.net zrd.spamhaus.org
```

Of course replace `YOUR_KEY` with ... your secret key.

```
docker compose restart postfix-mailcow
docker compose exec postfix-mailcow postconf postscreen_dnsbl_reply_map
```

Should return:

```
postscreen_dnsbl_reply_map = texthash:$config_directory/postscreen_dnsbl_reply_map
```

The key should then stop leaking in the wild now!
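A check for the gap described in the comment above, added here as an example and not part of the issue or of mailcow's code: it lists every `*.dq.spamhaus.net` domain in a `postscreen_dnsbl_sites` value that has no line in the reply map, so its key is not hidden by the map. The function name, `EXAMPLEKEY` and the filter and weight values are constructed for illustration.

```shell
#!/bin/sh
# Added example: find key-bearing Spamhaus DQS domains that the
# postscreen_dnsbl_reply_map does not cover.

# $1 = value of postscreen_dnsbl_sites, $2 = path to the texthash reply map.
# Prints one uncovered domain per line; prints nothing when all are covered.
unmasked_dqs_domains() {
    sites=$1
    map=$2
    # Entries are separated by commas and/or whitespace: domain[=filter][*weight]
    printf '%s\n' "$sites" | tr ', \t' '\n\n\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        domain=${entry%%=*}      # drop "=filter*weight"
        domain=${domain%%\**}    # drop "*weight" when there is no filter
        case $domain in
            *.dq.spamhaus.net) ;;   # DQS domains carry the key as a label
            *) continue ;;          # public lists have nothing to hide
        esac
        # texthash line: "lookup-key replacement"; comment lines are skipped.
        # A missing or unreadable map makes awk fail, so the domain is reported.
        if ! awk -v d="$domain" \
            '$1 !~ /^#/ && NF >= 2 && $1 == d { f = 1 } END { exit !f }' "$map"
        then
            printf '%s\n' "$domain"
        fi
    done
}

# Constructed demo input: the map covers zen but not dbl.
demo_map=$(mktemp)
printf '%s\n' 'EXAMPLEKEY.zen.dq.spamhaus.net zen.spamhaus.org' > "$demo_map"
unmasked_dqs_domains 'EXAMPLEKEY.zen.dq.spamhaus.net=127.0.0.[4..7]*6
  EXAMPLEKEY.dbl.dq.spamhaus.net=127.0.1.[2..99]*4' "$demo_map"
rm -f "$demo_map"
```

On a live host the first argument is what `postconf -h postscreen_dnsbl_sites` prints inside the Postfix container, and the second is the reply map file itself.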
Contribution guidelines
I've found a bug and checked that ...
Description
Logs:
Steps to reproduce:
Which branch are you using?
master
Operating System:
N/A
Server/VM specifications:
N/A
Is Apparmor, SELinux or similar active?
N/A
Virtualization technology:
N/A
Docker version:
N/A
docker-compose version or docker compose version:
N/A
mailcow version:
2023-07a
Reverse proxy:
N/A
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check: