Preventing valid local user accounts from being enumerated via RCPT TO command in Postfix in Deep Discovery Email Inspector (DDEI) 5.0

    • Updated: 12 Mar 2021
    • Product/Version: Deep Discovery Email Inspector 5.0
Summary

Local user accounts on the DDEI server, which uses Postfix, can be enumerated when the server is queried with the RCPT TO command.

Details
You need the DDEI SSH token to connect to DDEI over SSH.

Configuring Postfix to reject RCPT TO queries for local domain accounts involves two changes to an existing DDEI setup:

  1. Modify the main.cf configuration file to accept wildcards in the recipient_access table:
    1. Log in to the DDEI’s CLI using the root account.
    2. Search for the parameter "unknown_local_recipient_reject_code" and change its value from 550 to 554:

      unknown_local_recipient_reject_code = 554

    3. Add the "show_user_unknown_table_name" parameter at the bottom of the main.cf file and set its value to “no”.
    4. Configure smtpd_recipient_restrictions in main.cf:

      smtpd_recipient_restrictions = check_recipient_access pcre:/opt/trend/ddei/postfix/etc/postfix/recipient_access, permit_mynetworks, reject_unauth_destination

    5. Save the changes and exit out of the file.
  2. Use a regular expression in the recipient_access file to define the wildcard:

    1. Query the DDEI server’s hostname:

      # postconf myhostname
      myhostname = ddei-158.danielvm.com

    2. Create the /opt/trend/ddei/postfix/etc/postfix/recipient_access using the touch command:

      # cd /opt/trend/ddei/postfix/etc/postfix/
      # touch recipient_access

    3. Modify the recipient_access file to define the wildcard using the hostname returned by the postconf query in Step 1 of this section. For example:

      /.*@ddei-158\.danielvm\.com$/ REJECT Invalid Recipient

      Use a space to separate “REJECT” from the “Invalid Recipient” message.

    4. Save the changes and exit out of the file.
    5. Run postmap on the recipient_access file:

      # postmap /opt/trend/ddei/postfix/etc/postfix/recipient_access

    6. Restart the Postfix service.

      # service postfix restart

    7. Test by sending an email over a telnet session.

    On a test environment using the steps above, the test results looked like this:

    [Image: sample test results]
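
An offline check of the settings from the steps above, as an added example (not Trend Micro's code): it parses main.cf text and the recipient_access rule and lists any hardening item that is missing or out of order. The sample inputs are constructed from the values shown in this article, the function names are hypothetical, and Python's regex matching only approximates a Postfix pcre lookup.

```python
import re

TABLE = "pcre:/opt/trend/ddei/postfix/etc/postfix/recipient_access"
# Constructed samples from the article's values; the pattern's dots are escaped.
SAMPLE_MAIN_CF = """\
myhostname = ddei-158.danielvm.com
unknown_local_recipient_reject_code = 554
smtpd_recipient_restrictions = check_recipient_access
    pcre:/opt/trend/ddei/postfix/etc/postfix/recipient_access,
    permit_mynetworks, reject_unauth_destination
show_user_unknown_table_name = no
"""
SAMPLE_ACCESS = r"/.*@ddei-158\.danielvm\.com$/ REJECT Invalid Recipient"

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def access_action(table_text, recipient):
    """Action of the first /pattern/ that matches (case-insensitive), else None."""
    for line in table_text.splitlines():
        m = re.match(r"/(.+)/\s+(.*)", line)
        if m and re.search(m.group(1), recipient, re.IGNORECASE):
            return m.group(2).strip()

def audit(main_cf, table_text):
    """Return a list of findings; an empty list means every setting is in place."""
    p, findings = parse_main_cf(main_cf), []
    if p.get("unknown_local_recipient_reject_code") != "554":
        findings.append("unknown_local_recipient_reject_code is not 554")
    if p.get("show_user_unknown_table_name") != "no":
        findings.append("show_user_unknown_table_name is not no")
    order = re.split(r"[,\s]+", p.get("smtpd_recipient_restrictions", ""))
    if order[:2] != ["check_recipient_access", TABLE]:
        findings.append("recipient_access lookup is not the first restriction")
    host = p.get("myhostname", "")
    # A plausible and an implausible local user must receive the same REJECT.
    actions = {access_action(table_text, f"{u}@{host}") for u in ("root", "no-such-user-x1")}
    if len(actions) != 1 or not str(actions.pop()).startswith("REJECT"):
        findings.append("recipient_access does not reject every local recipient alike")
    return findings
```

On the appliance, the output of `postconf -n` and the contents of the recipient_access file can be passed to `audit()` in place of the samples.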

Category: Configure
Solution Id: 000285902