On a mail gateway, I want to masquerade envelope senders from certain
clients only; for all other clients, no envelope information should be
rewritten. According to ADDRESS_REWRITING_README.html#masquerade, I should
be able to do this by setting local_header_rewrite_clients appropriately.
However, I cannot seem to get clients excluded from masquerading as soon as
masquerade_domains is set.

I have narrowed it down to the following test configuration (postconf -n,
Postfix 2.9.4 on Gentoo):

----
config_directory = /etc/postfix
local_header_rewrite_clients =
masquerade_domains = topfen.net
mydestination = $myhostname
mydomain = topfen.net
mynetworks = 127.0.0.0/8 192.168.1.2
smtpd_client_restrictions =
smtpd_data_restrictions =
smtpd_end_of_data_restrictions =
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
smtpd_sender_restrictions =
----

When I send a message from a client machine (IP address 192.168.1.2) using 

  swaks --from t...@nonexistant.topfen.net --to ulrich-t...@topfen.net --server 192.168.1.1 --local-interface 192.168.1.2

the envelope sender address is still masqueraded, as shown by the logging:

----
Nov  9 17:56:08 bertha postfix/postfix-script[22530]: starting the Postfix mail system
Nov  9 17:56:08 bertha postfix/master[22531]: daemon started -- version 2.9.4, configuration /etc/postfix
Nov  9 17:56:11 bertha postfix/smtpd[22560]: connect from tuxi.lnz.zehl.at[192.168.1.2]
Nov  9 17:56:11 bertha postfix/smtpd[22560]: 172566DF30: client=tuxi.lnz.zehl.at[192.168.1.2]
Nov  9 17:56:11 bertha postfix/cleanup[22563]: 172566DF30: message-id=<>
Nov  9 17:56:11 bertha postfix/qmgr[22535]: 172566DF30: from=<t...@topfen.net>, size=411, nrcpt=1 (queue active)
Nov  9 17:56:11 bertha postfix/smtpd[22560]: disconnect from tuxi.lnz.zehl.at[192.168.1.2]
Nov  9 17:56:25 bertha postfix/smtp[22566]: 172566DF30: to=<ulrich-t...@topfen.net>, relay=poststelle.topfen.net[212.24.114.155]:25, delay=14, delays=0.09/0.02/7.1/7.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3XynZB2D7bz2CPj)
Nov  9 17:56:25 bertha postfix/qmgr[22535]: 172566DF30: removed
----

Note that qmgr seems to log only the rewritten envelope address, so I have
also captured the actual packets sent over the wire and made them available
at http://www.topfen.net/user/ul/tmp/smtp-masquerading.pcap; the output of
swaks and Postfix logging is also available at
http://www.topfen.net/user/ul/tmp/smtp-masquerading.txt.

According to my understanding of ADDRESS_REWRITING_README, since
local_header_rewrite_clients is empty, mail from no SMTP client should be
subject to masquerading, yet the address is still rewritten.

Have I missed some other form of address rewriting? Have I made another
mistake?

Regards,
Ulrich
