On 16 Sep 2015, at 4:16, Mario Rosic wrote:
I haven't been able to find a milter that does just that though. Most of
them deal with rewriting depending on domains, not on single addresses.
Guess I would have to write one myself or just deal with it.
It would be feasible to do this with MIMEDefang, although it would
require an entirely custom implementation of the filter_end() subroutine
so you'd need rock-solid Perl skill.
However, what you're asking of Postfix here is really a MUA function,
not a MTA/MSA function. For example, I use a similar tagged/disposable
address strategy for myself and a few other users on my personal server,
but all I need in Postfix is some regular expression aliases and a
section of my check_recipient_access map for burned addresses. It's not
built currently for user scale, but it's pretty easy to see how to scale
it. The responsibility for using the right sender address sits with the
users & their MUAs. Good MUAs (e.g. MailMate, TBird, even Eudora 6!)
have been handling complex multi-identity configurations for many years,
even to the point of picking sender addresses based on context. Beyond
the conceptual argument that this is in principle a MUA function, there
are practical reasons to do it there:
1. MUAs typically store messages as submitted in either a local store or
via IMAP for future reference. If the MSA/MTA modifies the SMTP envelope
sender and/or From header, the sender will have a "sent" message that
doesn't reflect those changes. If your mail has a delivery problem, you
don't have a definitive record of what a message was once the MSA/MTA
mangled it.
2. The best forms of end-to-end security in email require the SMTP
sender and the From header of a message to be immutable once they are
used to sign or encrypt messages. You may not use encrypted mail today,
but there's a growing probability that you will need to do so
occasionally, particularly in commercial transactions. Whatever
mechanism you use for that will live in your MUA unless you make the
dubious choice of giving your MSA/MTA access to private keys, and that
means you cannot have downstream sender identity mangling.
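As an added illustration (not the poster's own configuration, and not taken from the Postfix documentation), this is what the "regular expression aliases plus a check_recipient_access map for burned addresses" arrangement described above could look like. The domain example.com, the hyphen as tag delimiter, the file paths and the burned addresses listed are all assumptions made up for the example.

```text
# /etc/postfix/main.cf (relevant settings only)
# Tagged recipients such as alice-shop@example.com are folded into the
# base mailbox by the regexp table. Aliasing happens in cleanup(8),
# after smtpd(8) has evaluated the restrictions below on the address as
# given at RCPT TO, so a burned tag is rejected before it is rewritten.
virtual_alias_maps = regexp:/etc/postfix/virtual_tagged
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/burned_addresses,
    permit

# /etc/postfix/virtual_tagged  (regexp: table, no postmap needed)
# base-tag@example.com -> base@example.com. The pattern is anchored and
# the tag is limited to a small character set so that only one rewrite
# can match and untagged addresses pass through untouched.
/^([a-z0-9._]+)-[a-z0-9]+@example\.com$/   $1@example.com

# /etc/postfix/burned_addresses  (hash: table; run
# "postmap /etc/postfix/burned_addresses" after editing)
# Full tagged addresses that have leaked or been abused get a permanent
# 5xx reply at RCPT TO; the base mailbox keeps receiving everything else.
alice-shop@example.com          REJECT This address is no longer accepted
alice-newsletter@example.com    REJECT This address is no longer accepted
```

Postfix's built-in recipient_delimiter already handles the common user+tag@domain form without a regexp table; the table is only needed for a different delimiter or tag format like the hyphen used here.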