Prevent valid local user accounts from being enumerated via RCPT TO command in Postfix in InterScan Messaging Security Virtual Appliance (IMSVA)

    • Updated: 13 Jan 2017
    • Product/Version:
        • InterScan Messaging Security Virtual Appliance 8.2
        • InterScan Messaging Security Virtual Appliance 8.5
        • InterScan Messaging Security Virtual Appliance 9.0
        • InterScan Messaging Security Virtual Appliance 9.1
    • Platform: N/A
Summary

Local user accounts on the IMSVA server (which uses Postfix) can be enumerated when the server is queried with the RCPT TO command.


To prevent this behavior from occurring, Postfix can be configured to reject RCPT TO queries for local domain accounts.

Details

Configuring Postfix to reject RCPT TO queries for local domain accounts requires two changes to an existing IMSVA setup:

  1. Modify the main.cf configuration file to accept wildcards in the recipient_access table:
    1. Log in to the IMSVA CLI using the root account.
    2. Search for the parameter "unknown_local_recipient_reject_code" and change its value from 550 to 554:

      unknown_local_recipient_reject_code = 554

    3. Add the "show_user_unknown_table_name" parameter at the bottom of the main.cf file and set its value to "no".
    4. Configure smtpd_recipient_restrictions in main.cf:

      smtpd_recipient_restrictions = check_recipient_access pcre:/opt/trend/imss/postfix/etc/postfix/recipient_access, permit_mynetworks, reject_unauth_destination

    5. Save the changes and exit out of the file.
  2. Use a regular expression in the recipient_access file to define the wildcard:
    1. Query the IMSVA server’s hostname:

      # postconf myhostname
      myhostname = imsva.testnet.net

    2. Create the /opt/trend/imss/postfix/etc/postfix/recipient_access file using the touch command:

      # cd /opt/trend/imss/postfix/etc/postfix/
      # touch recipient_access

    3. Modify the recipient_access file to define the wildcard using the hostname returned by the postconf myhostname query above. An example may look like this:

      /.*@imsva.testnet.net$/ REJECT Invalid Recipient

       
      Use a space to separate "REJECT" from the "Invalid Recipient" message.
    4. Save the changes and exit out of the file.
    5. Run postmap on the recipient_access file:

      # postmap /opt/trend/imss/postfix/etc/postfix/recipient_access

    6. Restart the Postfix service.

      # service postfix restart

    7. Test by sending an email via telnet.
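
An offline check of the recipient_access rule from step 2.3, as an added example that is not part of the original article: it approximates Postfix's first-match pcre: lookup with grep -Ei and runs constructed recipient addresses through the rule as published and through a variant with the dots escaped. The lookup helper, the escaped variant and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline approximation of a Postfix pcre: access-table lookup.
# grep -Ei stands in for PCRE (pcre: tables match case-insensitively by
# default); that is adequate for the simple pattern used here.

# lookup TABLE ADDRESS: print the result of the first matching rule.
# Returns 1 when nothing matches, which in Postfix means the next restriction
# in smtpd_recipient_restrictions is evaluated.
lookup() {
    table=$1
    addr=$2
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        pattern=$(printf '%s\n' "$line" | sed -n 's|^/\(.*\)/[[:space:]][[:space:]]*.*$|\1|p')
        result=$(printf '%s\n' "$line" | sed -n 's|^/.*/[[:space:]][[:space:]]*\(.*\)$|\1|p')
        [ -n "$pattern" ] || continue
        if printf '%s\n' "$addr" | grep -Eiq -- "$pattern"; then
            printf '%s\n' "$result"
            return 0
        fi
    done < "$table"
    return 1
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
PAGE_TABLE=$workdir/recipient_access.page
STRICT_TABLE=$workdir/recipient_access.strict

# Rule exactly as shown in the article (each unescaped dot matches any character).
cat > "$PAGE_TABLE" <<'EOF'
/.*@imsva.testnet.net$/ REJECT Invalid Recipient
EOF

# Assumed hardening: the same rule with the dots escaped.
cat > "$STRICT_TABLE" <<'EOF'
/.*@imsva\.testnet\.net$/ REJECT Invalid Recipient
EOF

# Constructed recipients: two at the appliance hostname, one at a look-alike
# domain, one at an unrelated domain.
for rcpt in root@imsva.testnet.net nosuchuser@IMSVA.testnet.net \
            user@imsvaXtestnet.net user@example.com; do
    for t in "$PAGE_TABLE" "$STRICT_TABLE"; do
        printf '%-30s %-26s %s\n' "$rcpt" "${t##*/}" "$(lookup "$t" "$rcpt" || echo 'no match')"
    done
done
```

Both tables return the same REJECT text for every address at the appliance hostname, whether or not the account exists; only the published rule also matches the look-alike domain.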

On a test environment using the steps above, the test results looked like this:


Category: Configure; Deploy
Solution Id: 1116416