Local user accounts on the DDEI server (which uses Postfix), can be enumerated when queried using the proper RCPT TO Command.
Configuring Postfix to reject RCPT TO queries for local domain accounts involves two modification processes in an existing DDEI setup:
- Modify main.cf configuration file to accept wildcards in the recipient_access table:
- Log in to the DDEI’s CLI using root account.
-
Search for the parameter "unknown_local_recipient_reject_code" and change its value from 550 to 554:
unknown_local_recipient_reject_code = 554
- Add the "show_user_unknown_table_name" at the bottom of the main.cf file and set its value to “no”.
-
Configure smtpd_recipient_restrictions in main.cf:
smtpd_recipient_restrictions = check_recipient_access pcre:/opt/trend/ddei/postfix/etc/postfix/recipient_access, permit_mynetworks, reject_unauth_destination
- Save the changes and exit out of the file.
-
Use regular expression in recipient_access file to define wildcard:
-
Query the DDEI server’s hostname:
# postconf myhostname
myhostname = ddei-158.danielvm.com -
Create the /opt/trend/ddei/postfix/etc/postfix/recipient_access using the touch command:
# cd /opt/trend/ddei/postfix/etc/postfix/
# touch recipient_access -
Modify the recipient_access file to define the wildcard using the hostname identified in Step B6. For example:
/.*@ddei-158.danielvm.com$/ REJECT Invalid Recipient
Use a space to separate “REJECT” and “Invalid Recipient” messages. - Save the changes and exit out of the file.
-
Run postmap on the recipient_access file:
# postmap /opt/trend/ddei/postfix/etc/postfix/recipient_access
-
Restart the Postfix service.
# service postfix restart
- Test via telnet email.
On a test environment using the steps above, the test results looked like this:
-
