Tag Archives: Postfix

Configuring email notifications to be friendly but secure

I have commented in the past on the generally low security level of Microsoft ASP.Net web applications which stems from the closed Microsoft monoculture and a product strategy that prioritizes ease of use over security and privacy by hiding features and functionality from the user.

In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn.  Even Linux geeks.

A common Web 2.0 rich Web application system deployment involves a Web server running php and postfix for delivery of  email notifications to Web site members. There are 4 key system requirements for such a deployment:

  • A. Deploy as a null client, i.e as a machine that receives no mail from the network, and does not deliver any mail locally. This is a hugely important requirement to not turning your Web server into a launchpad for spammers.
  • B. Rewrite the default Apache www-data@domain with something more meaningful like
    domain@domain.com without changing PHP code.   This is both a usability issue and a security issue, since it is a bad idea to advertise the fact that your Web site operations are clueless to the point of not knowing how to change default LAMP settings.
  • C. Provide a human-readable From: in the header so that the users of your great Web 2.0 social media app will see real names instead of your domain. This is definitely a usability issue unrelated to security.
  • D. Mask the email addresses of your users so that you don’t disclose personal information. This is a basic data security and privacy requirement.

Continue reading

Tell your friends and colleagues about us. Thanks!
Share this