On Fri, Feb 12, 2021 at 12:54 PM Viktor Dukhovni <postfix-us...@dukhovni.org>
wrote:

> On Fri, Feb 12, 2021 at 12:06:02PM -0500, Matt Shields wrote:
>
>
I'll take a look at all the suggestions.

For below, this is just an internal server (behind firewall) with no
internet facing ports.  We use Office365 for corporate mail, and AWS SES
for outbound mail from systems.  We're just looking for this server to be
an intermediary so that we can make sure that what we're sending to AWS SES
has proper addresses and comes through a single IP.  Also, this server is
using host-based access lists, so that the only way a server in our network
sends out mail is through this server and is on the access list.  We also
use it to keep an audit trail of messages being sent out.


> >   c. For any host not defined, change the FROM address to
> >      nore...@mycompany.com
>
> A wildcard rewrite like that is generally quite fragile; it can
> easily apply to the wrong sort of mail, e.g. to bounce messages,
> inbound mail from outside, ...  This requires care.  Is there
> a dedicated "submission only" SMTP port on this relay?  I'd
> not want to configure such a rewrite on port 25.
>
> Furthermore, when you start rewriting just the "From:" address you're
> now in a "state of sin".  What if the message has a "Cc:" address?  For
> purposes of "Reply-All", a "Cc:" address is, like "From:", just another
> address to reply to.  What if the message has a "Resent-From:" header,
> should the "From:" still be rewritten? ...
>
> That sort of rewriting very much needs to happen at the point of origin.
> It is not impossible to do with Postfix, but it is difficult to do right
> in all cases.
>
>
> --
>     Viktor.
>
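
The hazards named in the quoted reply (bounces, "Cc:" addresses, "Resent-From:"), written as a pre-check a relay could run before applying a catch-all "From:" rewrite. This is an added example, not part of the original thread and not Postfix configuration; the addresses, host names and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

FALLBACK = "noreply@example.com"       # constructed placeholder, not the thread's address
MAPPED_HOSTS = {"app1.example.com"}    # constructed: hosts that have an explicit mapping
REPLY_HEADERS = ("Cc", "Reply-To", "Sender")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def rewrite_hazards(envelope_sender, msg):
    """List the reasons a blanket From: rewrite is unsafe for this message."""
    hazards = []
    if envelope_sender == "":
        hazards.append("null envelope sender (bounce)")
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        hazards.append("auto-submitted message")
    if msg.get_all("Resent-From"):
        hazards.append("Resent-From present")
    from_dom = domain(parseaddr(msg.get("From", ""))[1])
    for name in REPLY_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr and domain(addr) == from_dom:
                hazards.append(f"{name}: {addr} would stay unrewritten")
    return hazards

def relay_policy(envelope_sender, raw):
    """Return (action, hazards, from_address) for one submitted message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    if domain(from_addr) in MAPPED_HOSTS:
        return "keep", [], from_addr        # host has its own mapping
    hazards = rewrite_hazards(envelope_sender, msg)
    if hazards:
        return "hold", hazards, from_addr   # leave untouched, flag for review
    return "rewrite", [], FALLBACK

# Constructed sample messages: a plain cron mail, one with a Cc:, and a bounce.
CRON = "From: root@db7.example.com\nTo: ops@example.com\nSubject: backup ok\n\ndone\n"
CC = ("From: root@db7.example.com\nCc: dba@db7.example.com\n"
      "To: ops@example.com\nSubject: report\n\nbody\n")
BOUNCE = ("From: MAILER-DAEMON@relay.example.com\nAuto-Submitted: auto-replied\n"
          "To: root@db7.example.com\nSubject: Undelivered\n\nbody\n")
```

Only the first sample is rewritten; the other two are held with the reason recorded, which also gives the audit trail something to show for every message the rewrite skipped.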
