Dan Mahoney:
We have a couple of recipient canonical maps that do things like
transform firstname_lastname into username (i.e. dan_mahoney -->
dmahoney), also handle things like mapping people's former names
into current names.

This is useful where a user wants to have one canonical spamassassin
settings folder, WHICH SPAMASS-MILTER GETS BY LOOKING AT THE LEFT
HAND SIDE OF THE ADDRESS.  So we clearly want spamass-milter to
run after this rewriting happens.

On 08.10.22 15:59, Wietse Venema wrote:
[sorry for shouting, I capitalized some text that is problematic.]

The system described in the capitalized text should not rely on the
message HEADER to determine who an email message is for.

A proper spam filter looks at the ENVELOPE recipient address to
determine who an email message is for.

spamass-milter does use the local part of the envelope recipient's e-mail address when deciding which username to pass to spamd.

The OP's stated problem is that the local part may be different from the recipient's username (which is used for personalized spam analysis), and the OP wants to fix this by using canonical_maps to map the address to the username.

- in fact duplicate functionality of virtual_alias_maps and alias_maps

Using multiple instances when spam-filtering incoming mail is not a good idea, since it should be the instance that received mail from the internet that should process and possibly reject spam - the latter instance should not reject it because it could lead to backscatter.

If rejecting the spam at SMTP level is not required, one can simply filter spam when delivering to the mailbox, and milter, canonical mapping etc. are not needed.


Canonicalizing the envelope recipient before the DKIM check would
not cause the DKIM check to fail, because DKIM looks at message
content. It also does affect SPF, because SPF looks at where mail
comes from, not recipients.

There is no problem with canonical mapping before DKIM check, as
long as the mapping is limited to the envelope. And it is perfectly
legitimate to use virtual_alias_maps for that.

Canonicalizing envelope senders and headers to fix usernames was the second part of OP's question.

From what I remember, a milter running within an instance that does canonical mapping does NOT see the mapping results, at least for the envelope sender address, so for DKIM-signing outgoing mail via opendkim I've had to implement another instance that takes canonicalized e-mail and signs it.

If I am missing something, or something has changed (since 3.5.6) please let me 
know.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer
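
The envelope-versus-header distinction discussed in this thread, as an added illustration that is not code from any poster or from Postfix. It assumes a constructed message and mapping table, uses hypothetical function names, and uses a plain SHA-256 over selected headers plus body as a simplified stand-in for what a DKIM signature covers; the class names mirror Postfix's `recipient_canonical_classes` values.

```python
import hashlib

# Constructed sample data: a firstname_lastname -> username table and one
# message with its SMTP envelope recipient kept separate from its headers.
TABLE = {"dan_mahoney@example.org": "dmahoney@example.org"}
MSG = {
    "rcpt": "dan_mahoney@example.org",
    "headers": [("From", "sender@example.net"),
                ("To", "dan_mahoney@example.org"),
                ("Subject", "hello")],
    "body": "test body\r\n",
}

def canonicalize(address, table):
    """Full-address table lookup; unknown addresses pass through unchanged."""
    return table.get(address.lower(), address)

def apply_canonical(msg, table, classes):
    """Rewrite only the address classes named in `classes`."""
    out = dict(msg)
    if "envelope_recipient" in classes:
        out["rcpt"] = canonicalize(msg["rcpt"], table)
    if "header_recipient" in classes:
        out["headers"] = [
            (n, canonicalize(v, table) if n.lower() in ("to", "cc") else v)
            for n, v in msg["headers"]]
    return out

def spamd_user(msg):
    """Per-user settings key: local part of the ENVELOPE recipient."""
    return msg["rcpt"].rsplit("@", 1)[0]

def content_digest(msg, signed=("from", "to", "subject")):
    """Stand-in for signed content (assumption: not real DKIM canonicalization)."""
    h = hashlib.sha256()
    for name, value in msg["headers"]:
        if name.lower() in signed:
            h.update(f"{name.lower()}:{value.strip()}\r\n".encode())
    h.update(msg["body"].encode())
    return h.hexdigest()

def demo():
    before = content_digest(MSG)
    env_only = apply_canonical(MSG, TABLE, {"envelope_recipient"})
    with_hdr = apply_canonical(MSG, TABLE, {"envelope_recipient", "header_recipient"})
    # (user chosen after envelope mapping, digest intact?, digest intact?)
    return (spamd_user(env_only),
            content_digest(env_only) == before,
            content_digest(with_hdr) == before)

if __name__ == "__main__":
    print(demo())
```

Envelope-only mapping yields the canonical username while the signed content stays byte-identical; adding the header class changes the `To:` field and with it the digest.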
