
Blackhole postfix

 ·  🎃 kr0m

It is often useful to configure Postfix so that it does not respond when an email is sent to a certain account or to a non-existent account (wildcard). For example, this can be used to prevent enumeration of existing accounts. To do this, we deliver such email to /dev/null.

We create the local alias:

vi /etc/aliases

devnull: /dev/null

We tell Postfix where the available aliases are:

vi /etc/postfix/main.cf

alias_maps = hash:/etc/aliases
newaliases_path = /usr/bin/newaliases

We update the alias database:

/usr/bin/newaliases

We configure Postfix to query the database to determine which alias to use for a given destination address. These aliases can be either local or remote:

vi /etc/postfix/main.cf

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf

vi /etc/postfix/mysql/mysql_virtual_alias_maps.cf

user = XXXXX
password = XXXXXXXX
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

The table must have the following structure:

mysql> desc alias;
+----------+--------------+------+-----+---------------------+-------+
| Field    | Type         | Null | Key | Default             | Extra |
+----------+--------------+------+-----+---------------------+-------+
| address  | varchar(255) | NO   | PRI | NULL                |       |
| goto     | text         | NO   |     | NULL                |       |
| domain   | varchar(255) | NO   | MUL | NULL                |       |
| created  | datetime     | NO   |     | 0000-00-00 00:00:00 |       |
| modified | datetime     | NO   |     | 0000-00-00 00:00:00 |       |
| active   | tinyint(1)   | NO   |     | 1                   |       |
+----------+--------------+------+-----+---------------------+-------+

An example of an alias to devnull@localhost:

mysql> select * from alias where address='bounce@alfaexploit.com';
+------------------------+---------+-----------------+---------------------+---------------------+--------+
| address                | goto    | domain          | created             | modified            | active |
+------------------------+---------+-----------------+---------------------+---------------------+--------+
| bounce@alfaexploit.com | devnull | alfaexploit.com | 2017-02-15 12:49:57 | 2017-02-15 12:49:57 |      1 |
+------------------------+---------+-----------------+---------------------+---------------------+--------+

When someone sends an email to bounce@alfaexploit.com, the alias to devnull@localhost is applied, and then the local alias in /etc/aliases takes effect.

If we want a blackhole for all non-existent addresses, we need two queries: first one for the real aliases and then one for the non-existent addresses. When the first query does not match, Postfix tries the second one, which always matches.

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/mysql_virtual_devnull_alias_maps.cf

vi /etc/postfix/mysql/mysql_virtual_devnull_alias_maps.cf

user = XXXXX
password = XXXXXXXX
hosts = localhost
dbname = postfix
query = SELECT goto FROM devnullalias WHERE domain='%d' AND active = '1'

We create the second table:

mysql> create table devnullalias ( domain varchar(255), goto text, active tinyint(1) );
mysql> insert into devnullalias (domain, goto, active) values ('alfaexploit.com', 'devnull', '1');
mysql> select * from devnullalias;
+------------------------+---------+--------+
| domain                 | goto    | active |
+------------------------+---------+--------+
| alfaexploit.com        | devnull |      1 |
+------------------------+---------+--------+
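
The two-map lookup order described above can be checked offline with a small model. This is an added example, not code from the original article: SQLite stands in for MySQL, only the full-address lookup key is modelled, and the rows for info@ and old@ are constructed sample data.

```python
import sqlite3

def build_db():
    """In-memory copy of the page's two tables (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE alias (address TEXT PRIMARY KEY, goto TEXT,
                            domain TEXT, active INTEGER);
        CREATE TABLE devnullalias (domain TEXT, goto TEXT, active INTEGER);
        INSERT INTO alias VALUES
          ('bounce@alfaexploit.com', 'devnull', 'alfaexploit.com', 1),
          ('info@alfaexploit.com', 'kr0m@alfaexploit.com', 'alfaexploit.com', 1),
          ('old@alfaexploit.com', 'kr0m@alfaexploit.com', 'alfaexploit.com', 0);
        INSERT INTO devnullalias VALUES ('alfaexploit.com', 'devnull', 1);
    """)
    return db

# The page's two queries in virtual_alias_maps order. Postfix expands %s to
# the full lookup key and %d to its domain part; here they are bound as
# SQL parameters instead.
MAPS = [
    ("alias", "SELECT goto FROM alias WHERE address = ? AND active = 1", "s"),
    ("devnullalias",
     "SELECT goto FROM devnullalias WHERE domain = ? AND active = 1", "d"),
]

def resolve(db, address):
    """Return (map_name, goto) from the first map that matches, else None."""
    domain = address.rpartition("@")[2]
    for name, query, key in MAPS:
        row = db.execute(query, (address if key == "s" else domain,)).fetchone()
        if row:
            return name, row[0]
    return None  # no map matched: the blackhole does not cover this domain

if __name__ == "__main__":
    db = build_db()
    for rcpt in ("info@alfaexploit.com", "bounce@alfaexploit.com",
                 "nobody@alfaexploit.com", "old@alfaexploit.com",
                 "someone@example.org"):
        print(rcpt, "->", resolve(db, rcpt))
```

Note the fall-through: an alias with active = 0, or any address in the domain with no row in alias, is caught by the second map and discarded rather than rejected. On the server, `postmap -q address mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf` runs the real lookup against each map file.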