El lun, 30-09-2019 a las 17:58 -0400, Bill Cole escribió: > On 29 Sep 2019, at 20:30, Hugo Florentino wrote: > > > El vie, 27-09-2019 a las 09:33 -0400, Bill Cole escribió: > > > [...] > > > > > > Because, as documented, header_checks (and the other built-in > > > content > > > filtering in Postfix) does not support restrictions or > > > restriction > > > classes as results of a pattern match. > > > > > > > > > > Allow me to pose a slightly different scenario then, but still > > related > > to my original doubt: > > > > I separate smtp and submission, and prevent using my domain through > > smtp. However somehow someones's PC gets compromised and sends mail > > modifying the From header in the data section. > > > > Even if the envelope-from is not forged (using > > reject_sender_login_mismatch and so), email clients often display > > only > > the descriptive From. > > > > Is there a way to prevent this forging of descriptive From using > > postfix itself? > > No. Since headers are part of message content, your options for > filtering based on headers are those described in the > CONTENT_INSPECTION_README file, which is included the Postfix > distribution and is available on the website. That document also > explains the rationale for keeping the internal content filtering in > Postfix itself very simple and leaving anything complex to external > programs. For this sort of mixed content/envelope filtering I use > the > MIMEDefang milter but there are other tools available that could do > this. > > Also, you should consider the edge cases of such a filtering policy. > For > example, any message from this mailing list arrives with the From > header > unmodified from how the author submitted it. >
OK, thank you for the explanation. Best regards, Hugo
