On 29 Sep 2019, at 20:30, Hugo Florentino wrote:
El vie, 27-09-2019 a las 09:33 -0400, Bill Cole escribió:
[...]
Because, as documented, header_checks (and the other built-in
content
filtering in Postfix) does not support restrictions or restriction
classes as results of a pattern match.
Allow me to pose a slightly different scenario then, but still related
to my original doubt:
I separate smtp and submission, and prevent using my domain through
smtp. However somehow someones's PC gets compromised and sends mail
modifying the From header in the data section.
Even if the envelope-from is not forged (using
reject_sender_login_mismatch and so), email clients often display only
the descriptive From.
Is there a way to prevent this forging of descriptive From using
postfix itself?
No. Since headers are part of message content, your options for
filtering based on headers are those described in the
CONTENT_INSPECTION_README file, which is included the Postfix
distribution and is available on the website. That document also
explains the rationale for keeping the internal content filtering in
Postfix itself very simple and leaving anything complex to external
programs. For this sort of mixed content/envelope filtering I use the
MIMEDefang milter but there are other tools available that could do
this.
Also, you should consider the edge cases of such a filtering policy. For
example, any message from this mailing list arrives with the From header
unmodified from how the author submitted it.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
