On 8/21/2014 2:49 PM, Viktor Dukhovni wrote:
> On Thu, Aug 21, 2014 at 02:22:46PM -0700, Darren Pilgrim wrote:
>
>> I want to rewrite the envelope recipient of a message if it's from a
>> specific sender, but have that rewrite change the envelope before reaching
>> permit_auth_destination (i.e., an immediate, before-queue rewrite). I want
>> this so that I don't have to allow open relay from a given address just to
>> bypass relay restrictions that don't apply anyway because the mail will
>> ultimately redirect to an address within mydestinations.
>>
>> The sender can't authenticate itself, so I'm a bit stuck. Is the above
>> possible?
>
> There's no need for this.
>
> main.cf:
>     indexed = ${default_database_type}:${config_directory}/
>     smtpd_restrictions_classes = redirect_sender
>     redirect_sender =
>         check_sender_access ${indexed}sender-redirect
>     smtpd_recipient_restrictions =
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         check_sender_access ${indexed}redirected-senders,
>         reject_unauth_destination,
>         ...
>
> sender-redirect:
>     j...@example.com moe@local.example
>
> redirected-senders:
>     j...@example.com redirect_sender, permit
>
> Just make sure that new senders are added to sender-redirect before
> redirected-senders, and removed after.

I tried the above. There were problems:

- "restriction" in smtpd_restriction_classes isn't plural
- access maps don't accept a bare email address as a valid action

Fixing the pluralisation for the prior and prepending "REDIRECT " to the
RHS of the map for the latter got it working. Sort of.

Here's the config I have right now:

    maps = ${config_directory}/maps
    smtpd_restriction_classes = redirect_printers
    redirect_printers =
        check_sender_access pcre:${maps}/redirect_printers.pcre
    smtpd_recipient_restrictions =
        reject_unlisted_sender
        reject_unlisted_recipient
        permit_sasl_authenticated
        check_sender_access pcre:${maps}/sender_acl.pcre
        permit_auth_destination
        reject

In sender_acl.pcre:

    /^printer\./ redirect_printers, permit

In redirect_printers.pcre:

    /.*/ REDIRECT printerad...@example.com

I'm using virtual mailboxes (delivery via Dovecot deliver). If
printerad...@example.com is found with a virtual_mailbox_maps lookup,
the above works perfectly. If printerad...@example.com needs one or
more virtual_alias_maps lookups to resolve a mailbox (or external
address), however, the message bounces:

In the bounce:

    <printerad...@example.com> (expanded from <origina...@example.com>):
    user unknown

And:

    Reporting-MTA: dns; poodle.example.com
    X-Postfix-Queue-ID: 971749660
    X-Postfix-Sender: rfc822; printer.km1...@example.com
    Arrival-Date: Fri, 22 Aug 2014 01:11:34 -0700 (PDT)

    Final-Recipient: rfc822; printerad...@example.com
    Original-Recipient: rfc822;origina...@example.com
    Action: failed
    Status: 5.1.1
    Diagnostic-Code: x-unix; user unknown

If I email printerad...@example.com directly it works fine, so I know at
least the alias does work. Postfix doesn't appear to do alias
resolution on the REDIRECT'ed address. Do I need to add something to a
setting that controls lookups on redirects?
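
Added example (not part of the original thread, and not Postfix code): the quoted suggestion permits a sender past reject_unauth_destination on its unauthenticated envelope address alone, so any sender listed in redirected-senders without a working REDIRECT entry in sender-redirect would be allowed to relay. The check below audits the two map source files for that gap and for the bare-address right-hand side reported in the reply; the map and class names come from the quoted config, while the function names and all sample addresses are constructed.

```python
# Added example: consistency check for the two lookup tables in the quoted suggestion.
# Map and class names follow the thread; all addresses below are constructed sample data.
import re

def parse_map(text):
    """Parse Postfix lookup-table source text into {key: value}.
    Handles comments, blank lines and whitespace-led continuation lines."""
    table, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            table[last] += " " + raw.strip()  # continuation of previous entry
            continue
        parts = raw.split(None, 1)
        last = parts[0].lower()  # simplification: keys compared in lower case
        table[last] = parts[1].strip() if len(parts) > 1 else ""
    return table

def audit(sender_redirect_src, redirected_senders_src, class_name="redirect_sender"):
    """Return (sender, problem) for every sender that would be permitted
    ahead of reject_unauth_destination without a working REDIRECT."""
    redirect = parse_map(sender_redirect_src)
    findings = []
    for sender, action in parse_map(redirected_senders_src).items():
        steps = [s.strip().lower() for s in action.split(",")]
        if "permit" not in steps:
            continue  # no relay bypass granted, nothing to check
        if class_name.lower() not in steps:
            findings.append((sender, "permit without the redirect class"))
        elif sender not in redirect:
            findings.append((sender, "permit but no sender-redirect entry"))
        elif not re.fullmatch(r"REDIRECT\s+\S+@\S+", redirect[sender], re.I):
            findings.append((sender, "right-hand side is not a REDIRECT action"))
    return findings

SENDER_REDIRECT = """\
# constructed sample
printer1@example.com   REDIRECT moe@local.example
printer2@example.com   moe@local.example
"""
REDIRECTED_SENDERS = """\
printer1@example.com   redirect_sender, permit
printer2@example.com   redirect_sender, permit
printer3@example.com   redirect_sender, permit
"""

if __name__ == "__main__":
    for sender, problem in audit(SENDER_REDIRECT, REDIRECTED_SENDERS):
        print(f"{sender}: {problem}")
```

An entry present only in sender-redirect is not flagged, which matches the add-first, remove-last ordering given in the quoted reply.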