Re: Rewrite the To: header?

Mon, 20 Nov 2017 08:12:07 -0800 

On 19/11/17 12:20 PM, Bill Cole wrote:

On 19 Nov 2017, at 11:36 (-0500), Jack Bates wrote:
Is there a feature I can use to rewrite the To: header, of "virtual alias domain" mail, with the result of the following lookup, *after* smtpd_milters are applied? 

SELECT 'b...@example.com' FROM my_table WHERE sender = '%s'



Do you actually have a field named 'b...@example.com' in my_table? That 
is an unusual choice....



Or do I need to use a milter of my own for this?



Simpler to do with a content filter, unless you already have a highly 
flexible milter (e.g. MIMEDefang) already in place that can be made to 
mangle messages. See the FILTER_README file for details.


Yes, an after-queue content filter would also work.


recipient_canonical_maps and recipient_canonical_classes seem pretty 
close! I can exclude the From: header and the envelope_recipient from 
being rewritten, but they're applied *before* smtpd_milters. And I 
haven't thought carefully about how to limit them to virtual alias 
domain mail.



My specific situation is that I'm using the OpenDKIM milter to verify 
mail, so that needs to happen before I rewrite the To: header.


OK, but this leaves an obvious unanswered question: WHY?

Modifying the To header invalidates any DKIM signature so that if the 
end recipient tries to verify it, the message will appear to be a fake 
or tampered-with (which it is.) If something downstream is dependent on 
the To header (instead of the envelope recipient or a header derived 
from it) that should be corrected, rather than invalidating the 
signature on the message.



Yes, breaking the signature certainly is a drawback. (I have to trust 
the Authentication-Results: header that OpenDKIM adds instead.)



I want to rewrite the To: header to fix the reply all feature in my 
MUA(s). I think it's common that MUAs let you configure one email 
address (per account). When you hit reply all, they collect all the 
recipients (To:, Cc:, etc.) minus your email address. The result is that 
I'm constantly removing manually one of my email addresses from the 
reply (if it's not the one configured in my MUA). The way to fix this 
for all MUAs is to rewrite the To: (Cc:, etc.) header to a single email 
address (hence SELECT 'b...@example.com' ...).



I guess the other way would be to remove my email addresses from the To: 
(Cc:, etc.) header (and envelope recipient) of *outgoing* mail ... That 
wouldn't break the signature (I'd do it before signing) but would still 
require a milter/content filter, I think?





















					Reply via email to