Rewrite header From:
Hello. My mail server received unsollecited emails with header From: similar to 'Heidi '. Users perceive that email comes from our company as the header From: has been rewrite in 'Heidi '. Infact: myorigin = $mydomain mydomain = host.domain.tld and append_at_myorigin = yes local_header_rewrite_clients = permit_inet_interfaces Is there a way to block incoming e-mails whose 'Header From:' does not specify valid email address? Regards, RS
Re: Rewrite header From:
Scappatura Rocco: > Hello. > > My mail server received unsollecited emails with header From: similar to > 'Heidi '. > > Users perceive that email comes from our company as the header From: has been > rewrite in 'Heidi '. > > Infact: > > myorigin = $mydomain > mydomain = host.domain.tld > > and > > append_at_myorigin = yes > local_header_rewrite_clients = permit_inet_interfaces > > Is there a way to block incoming e-mails whose 'Header From:' does not > specify valid email address? > Perhaps the following will do the job: /etc/postfix/main.cf: remote_header_rewrite_domain = domain.invalid but it may have no effect on an smtpd_proy_filter based content filter. See also: http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain http://www.postfix.org/postconf.5.html#local_header_rewrite_clients Wietse
R: Rewrite header From:
> -Messaggio originale- > Da: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] Per conto di Wietse Venema > Inviato: lunedì 30 luglio 2018 15:06 > A: Postfix users > Oggetto: Re: Rewrite header From: > > Scappatura Rocco: > > Hello. > > > > My mail server received unsollecited emails with header From: similar to > 'Heidi '. > > > > Users perceive that email comes from our company as the header From: > has been rewrite in 'Heidi '. > > > > Infact: > > > > myorigin = $mydomain > > mydomain = host.domain.tld > > > > and > > > > append_at_myorigin = yes > > local_header_rewrite_clients = permit_inet_interfaces > > > > Is there a way to block incoming e-mails whose 'Header From:' does not > specify valid email address? > > > > Perhaps the following will do the job: > > /etc/postfix/main.cf: >remote_header_rewrite_domain = domain.invalid > > but it may have no effect on an smtpd_proy_filter based content filter. Thanks Wietse My configuration does not use smtpd_proxy_filter at all. So I think I can set: remote_header_rewrite_domain = domain.invalid or it could be better to set: remote_header_rewrite_domain = What is the difference simply explained? And, if I have well understood, it could be also a solution for my issue also to set: local_header_rewrite_clients = permit_mynetworks So that local generate emails will have header From: correctly rewritten, while email coming from outside will not have header From: rewritten.. Correct? > See also: > http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain > http://www.postfix.org/postconf.5.html#local_header_rewrite_clients > > Wietse Rocco
Re: R: Rewrite header From:
On 7/30/2018 8:19 AM, Scappatura Rocco wrote: > > >> -Messaggio originale- >> Da: owner-postfix-us...@postfix.org [mailto:owner-postfix- >> us...@postfix.org] Per conto di Wietse Venema >> Inviato: lunedì 30 luglio 2018 15:06 >> A: Postfix users >> Oggetto: Re: Rewrite header From: >> >> Scappatura Rocco: >>> Hello. >>> >>> My mail server received unsollecited emails with header From: similar to >> 'Heidi '. >>> >>> Users perceive that email comes from our company as the header From: >> has been rewrite in 'Heidi '. >>> >>> Infact: >>> >>> myorigin = $mydomain >>> mydomain = host.domain.tld >>> >>> and >>> >>> append_at_myorigin = yes >>> local_header_rewrite_clients = permit_inet_interfaces >>> >>> Is there a way to block incoming e-mails whose 'Header From:' does not >> specify valid email address? >>> >> >> Perhaps the following will do the job: >> >> /etc/postfix/main.cf: >>remote_header_rewrite_domain = domain.invalid >> >> but it may have no effect on an smtpd_proy_filter based content filter. > > Thanks Wietse > > My configuration does not use smtpd_proxy_filter at all. > > So I think I can set: > > remote_header_rewrite_domain = domain.invalid > > or it could be better to set: > > remote_header_rewrite_domain = Setting "remote_header_rewrite_domain = domain.invalid" prevents other software from rewriting the header once it leaves postfix, and should make it clear that the domain is invalid even to unsophisticated users. Some users may confuse a missing domain as meaning @local. > > What is the difference simply explained? > > And, if I have well understood, it could be also a solution for my issue also > to set: > > local_header_rewrite_clients = permit_mynetworks > > So that local generate emails will have header From: correctly rewritten, > while email coming from outside will not have header From: rewritten.. > > Correct? Setting "local_header_rewrite_clients=permit_mynetworks" is the default. Note that if mail enters postfix multiple times, such as after a content_filter or some other external process such as a spam filter, the second trip through postfix will be from $mynetworks, causing empty domains to be rewritten to the local domain. That's another good reason to use "remote_header_rewrite_domain = domain.invalid". -- Noel Jones
bounced posts go to spam
Hello, I have a simple relay for sending emails from internal scanners and a voicemail system. All works fine except for posts that get bounced as the bounce notifications somehow fail both SPF and DKIM tests. The only (seemingly significant) differences I can find in the headers of normal vs bounced posts from the system are: Normal: Authentication-Results: test17.example.com; spf=pass smtp.mailfrom=u...@example.com Authentication-Results: test17.example.com; dkim=pass (2048-bit key) Bounced: Authentication-Results: test17.example.com; spf=none smtp.helo=smtp.example.com Authentication-Results: test17.example.com; dkim=none The normal mail has: smtp.mailfrom=u...@example.com and the bounced mail has: smtp.helo=smtp.example.com And so it looks like this difference is keeping the bounced notifications from passing SPF and getting processed by OpenDKIM. Suggestions? Thanks! Chris
