On 11.09.2024 at 11:34, Matus UHLAR - fantomas via Postfix-users wrote:
On 11.09.24 09:11, natan via Postfix-users wrote:
Bill, I have a separate setup like

1)one server for outgoing
2)one server for incoming + dovecot cluster

I personally still don't know how your system works.

On 10.09.2024 at 18:07, Bill Cole via Postfix-users wrote:

On 2024-09-10 at 08:05:21 UTC-0400 (Tue, 10 Sep 2024 14:05:21 +0200)
natan via Postfix-users <na...@epf.pl>
is rumored to have said:

   Hi
   Is it possible to run this setup using postfix+milter ?

   For a test I run this setup:
   1)enable addheaders on dovecot
   2)create special rules in sieve like:
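   # extensions needed for set/${1} and for deleteheader/addheader
   require ["variables", "editheader"];
   if allof (header :contains "return-path" "@domain.ltd",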
             header :contains "Received" "domai",
             header :contains "X-HEADERS" "domain")
   {
       if header :matches "Subject" "*" {
           set "subject" "${1}";
       }
       deleteheader "Subject";
       addheader :last "Subject" "[INT] ${subject}";
       addheader "X-INFO" "email INT";
   }

All of that should only apply on incoming messages, as dovecot and its sieve tool are only involved in final local delivery and IMAP.

yes, the above should only apply for incoming messages after they have been processed by milters etc.

   When sending mail my smtp adds the header "X-HEADERS domain"

are you sure no remote sender adds that header in your mail? In that case they could fake your internal mail.

   3)another option: I create a milter....

   all works fine with option 2 or option 3 but ........

   The problem is with DKIM signing when I try to reply to a message
   and the external recipient has DMARC verification

   If I have a p=none policy in DMARC it works correctly but if
   p=reject it is known - the message is rejected due to an error for
   DKIM, because DKIM also signs the subject and it is changed by sieve

how and when do you DKIM-SIGN your outgoing mail? This looks like you first sign outgoing mail and then modify it so DKIM signature gets invalidated.

The user sends e-mail via the "only for send" server smtp.domain.ltd
smtp.domain.ltd has postfix:
...
milter_protocol = 2
milter_default_action = accept

smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
....

e-mail goes to my physically separate machine (MX) like mx.domain.ltd

...
virtual_transport = lmtp:inet:10.12.12.1:24
...
and via lmtp goes to the dovecotdirector cluster (I have 20 dovecot nodes)

every dovecot connects to storage via nfs

and every user has their own sieve and sieve adds headers
The sieve filter has individual exceptions and a set of dependencies set

Of course, this is an additional safeguard that can help


How are you configured that you are passing locally-submitted mail through sieve? That shouldn't be possible...


   For the time being I have only left tagging the addheader header
   itself and I leave it on the mail client side (e.g. label)

   Is there another way ?
   Or is it such a stupid idea that it is worth abandoning?

There are options for modifying incoming mail but that should only be done after it's checked for spamminess.

I know cases where only the external mail is modified.

--

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

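Added example (not part of the thread and not code from any poster): a simplified Python check of the mechanism discussed above, showing that rewriting a Subject covered by a DKIM signature changes the signed header input, while adding an unsigned header such as X-INFO does not. The h= list and the sample headers are constructed; the DKIM-Signature field itself and the RSA verification step are left out.

```python
import hashlib
import re

def parse_headers(raw):
    """Split a raw header block into [name, value] pairs, keeping folded lines."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += "\r\n" + line
        elif ":" in line:
            fields.append(line.split(":", 1))
    return fields

def relaxed(name, value):
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip()
    return f"{name.strip().lower()}:{value}\r\n"

def signed_header_digest(raw, h_tag):
    """SHA-256 over the fields named in h=, picked bottom-up as RFC 6376 requires.
    Simplified: omits the DKIM-Signature field and the signature check itself."""
    fields, used, digest = parse_headers(raw), set(), hashlib.sha256()
    for wanted in h_tag.lower().split(":"):
        for i in reversed(range(len(fields))):
            if i not in used and fields[i][0].strip().lower() == wanted:
                used.add(i)
                digest.update(relaxed(*fields[i]).encode())
                break
    return digest.hexdigest()

def apply_sieve_like(raw, rewrite_subject):
    """Mimic the thread's sieve actions: add X-INFO, optionally retag Subject."""
    fields = parse_headers(raw)
    if rewrite_subject:
        subject = next(v for n, v in fields if n.lower() == "subject").strip()
        fields = [f for f in fields if f[0].lower() != "subject"]
        fields.append(["Subject", f" [INT] {subject}"])
    fields.insert(0, ["X-INFO", " email INT"])
    return "".join(f"{n}:{v}\r\n" for n, v in fields)

# Constructed sample: this header block and h= list are made up for illustration.
H_TAG = "from:to:subject:date"
ORIGINAL = ("From: alice@domain.ltd\r\nTo: bob@example.org\r\n"
            "Subject: Quarterly   report\r\nDate: Tue, 10 Sep 2024 14:05:21 +0200\r\n")

def survives(rewrite_subject):
    """True if the signed header input is unchanged after the sieve-like edit."""
    modified = apply_sieve_like(ORIGINAL, rewrite_subject)
    return signed_header_digest(ORIGINAL, H_TAG) == signed_header_digest(modified, H_TAG)
```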