address rewriting for remote clients

Wed, 23 Dec 2009 06:55:03 -0800 

Hi.

As far as I understood the documentation, if those two are at their default:
local_header_rewrite_clients = permit_inet_interfaces
remote_header_rewrite_domain =
local clients are subject to address rewriting, but remote ones are not.
Unfortunately it seems that my postfix (2.6.5 from Debian/sid) also rewrites remote clients. 
This is the smtp session:
mail from:<root>
250 2.1.0 Ok
rcpt to:<root>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 2434F18B50A

And the log says:
Dec 23 15:00:51 hilbert postfix/smtpd[24688]: connect from host149.natpool.mwn.de[138.246.7.149] Dec 23 15:01:04 hilbert postfix/smtpd[24688]: 2434F18B50A: client=host149.natpool.mwn.de[138.246.7.149] Dec 23 15:01:06 hilbert postfix/cleanup[24693]: 2434F18B50A: message-id=<20091223140104.2434f18b...@a.mail.srv.scientia.net> Dec 23 15:01:06 hilbert postfix/qmgr[24686]: 2434F18B50A: from=<r...@hilbert.scientia.net>, size=379, nrcpt=1 (queue active) Dec 23 15:01:06 hilbert postfix/local[24694]: 2434F18B50A: to=<r...@hilbert.scientia.net>, orig_to=<root>, relay=local, delay=8.2, delays=8.2/0.02/0/0, dsn=2.0.0, status=sent (delivered to mailbox) 
Dec 23 15:01:06 hilbert postfix/qmgr[24686]: 2434F18B50A: removed
So it seems that both, from and to were rewritten and the mail was delivered which IMHO is quite security critical.
I would have expected that postfix lets both addresses as "root" and says at some point something like "error, undeliverable email, not fully quallified". 

When I set:
remote_header_rewrite_domain = domain.invalid
nothing else happens. The addreses are still rewritten.

Am I doing something wrong?! ;)


Another question:
append_dot_myorigin has to be always yes if I understand the docs correctly.
I do not want to perform append_dot_mydestination style rewrites, rather such messages should generally fail (regardless whether they were submitted locally or not). 
But if I set:
append_dot_mydestination = no
then (as far as I understood the documentation), a domain.invalid would _NOT_ be appended to remote mails if the addres was just something like "r...@foo" because the append_dot_mydestination = no disabled this generally. 
Is this true? If so, how can I get what I want?


Thanks,
Chris.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Reply via email to