On Thu, Nov 03, 2022 at 06:25:50PM +0000, Gino Ferguson wrote:
> I have to rewrite every occurence of @sender-foo.com domain to
> @sender-bar.com. Both in envelope and header from fields.
This is typically done early, on input, via canonical_maps.
Rewrites in smtp_generic_maps are performed late, on output,
when rewriting is needed for specific destinations, possibly
to "undo" virtual(5) rewrites, that are used to direct the
traffic to a particular nexthop, by restoring the envelope
recipient back to a normalised external value.
> I did it with a smtp_generic_maps regexp but I'm not sure this is the
> best way (these are outbound only emails).
1. Avoid regexp rewrites at all costs.
2. Avoid wildcard envelope recipient rewrites visible to smtpd(8),
they break recipient validation.
3. Avoid rewriting just "sender" headers, because "Cc:" addresses are
used for replies and are semantically like a sender address in that
context.
Which means that in your case canonical_classes would be:
canonical_classes = envelope_sender, header_sender, header_recipient
and then, in canonical_maps, you'd have:
@bar.example @foo.example
withough breaking envelope recipient validation.
> Also it messes up the dkim signing because it happens before the
> masquerading with smtpd_milters.
I don't recall whether milter message content processing happens before
or after canonical rewriting, Wietse might post a reminder. If milters
go first, you'll need to do DKIM signing after the message first goes
through a null content filter (directly back into Postfix on a different
port, with nothing in the middle), with milters only on the far side and
the canonical rewrites on the near side.
> * what's the best way to replace all occurences of the sender domain?
> * if smtp_generic_maps is the way, can it happen before the smtpd_milters
> somehow?
generic(5) happens too late.
--
Viktor.
