On 04/11/2021 21:51, Gionatan Danti wrote:
Dear all,
I was tasked to mark all messages coming from unauthenticated clients
(ie: incoming emails) with a specific subject line.
While subject rewrite is trivial per-se (via header_checks), I am having
big issues rewriting only selected messages. I fully understand that
header_checks only works with single lines, and so I can not set a
if/endif block between multiple lines/conditions.
I was trying to achieve the desired behavior by using two postfix
processes: the first FILTERing external messages, tunneling them to the
second postfix instance to rewrite the subject line. Something as:
- receive all mails on port 25 by the main smtpd process;
- set "smtpd_sender_access=check_sender_access
regexp:/etc/postfix/custom, permit_sasl_authenticated,
permit_mynetworks, reject"
- set /etc/postfix/custom to FILTER non-local emails to another smtpd
process - FILTER custom:localhost:10025
- for the second smtpd process, relax smtpd_sender_access but enable
subject rewrite -
smtpd_sender_access=regexp:/etc/postfix/rewrite_headers
...but it does not work. I have some issues grasping how to configure
the second postfix process via master.cf. I tried something as:
localhost:10025 inet n - n - - smtpd
-o smtpd_sender_access=regexp:/etc/postfix/rewrite_headers
but withtout success.
I already read http://www.postfix.org/FILTER_README.html and
http://www.postfix.org/SMTPD_PROXY_README.html, but I am not sure how to
proceed further.
So I would ask if what I am trying to do is at all possible with plain
postfix (ie: without mimedefang or similar milter, as I am already using
rspamd for spam filtering) and, if so, how to configure master.cf and
the FILTER rule.
Thanks.
Why permit auth connections on port 25? Restrict them to 587 and/or 465
then you can specify subject rewriting for (all) mails arriving via port
25. (And you can use postscreen on port 25.)
Presumably you are not concerned that rewriting subjects will break
DKIM/DMARC?
If you have the option, better to use pcre: than regex:.
