Re: Accessing the sending user from a canonical(5) table
postfix-3.6-20201025 has a preliminary implementation to limit the
envelope senders that a local user may specify to the Postfix
sendmail (or postdrop) command. The real work is done in a library
module, so that similar functionality can later be added to the
Postfix SMTP daemon.

Source:
http://ftp.porcupine.org/mirrors/postfix-release/index.html

Manual:
http://www.porcupine.org/postfix-mirror/postconf.5.html#local_login_sender_maps

I still need to add some credits to the HISTORY file, and update
the RELEASE_NOTES file with a feature summary.

        Wietse
Re: Accessing the sending user from a canonical(5) table
On Sun, Oct 25, 2020 at 02:46:26PM -0400, Wietse Venema wrote:

> postfix-3.6-20201025 has a preliminary implementation to limit the
> envelope senders that a local user may specify to the Postfix
> sendmail (or postdrop) command. The real work is done in a library
> module, so that similar functionality can later be added to the
> Postfix SMTP daemon.

Nice! A nit correction and a question:

- Typo: in example:

--- proto/postconf.proto +++ proto/postconf.proto @@ -17947,7 +17947,7 @@ address when the '@' and domain part match. /etc/postfix/login_senders: # Allow both the bare username and the user@domain forms. -/(.+)/ $1 $1...@example.com/ +/(.+)/ $1 $1...@example.com This feature is available in Postfix 3.6 and later.

- Question, with "#" as the prefix for numeric uids, how is one supposed
  to create indexed tables with these as lookup keys? The below looks
  like a comment to me:

    #12345 anonym...@example.com

--
    Viktor.
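Review bot: In the example entry on the changed line, the pattern `/(.+)/` is unanchored and accepts any character in the login name, so a name containing whitespace or a comma would expand into more than the two sender forms the comment above it promises. Dropping the stray trailing `/` is right; consider also showing a pattern anchored at both ends with an explicit character class, with a remark that the class is site-specific.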
Re: Accessing the sending user from a canonical(5) table
Viktor Dukhovni:

> On Sun, Oct 25, 2020 at 02:46:26PM -0400, Wietse Venema wrote:
>
> > postfix-3.6-20201025 has a preliminary implementation to limit the
> > envelope senders that a local user may specify to the Postfix
> > sendmail (or postdrop) command. The real work is done in a library
> > module, so that similar functionality can later be added to the
> > Postfix SMTP daemon.
>
> Nice! A nit correction and a question:
>
> - Typo: in example:
>
> --- proto/postconf.proto > +++ proto/postconf.proto > @@ -17947,7 +17947,7 @@ address when the '@' and domain part match. > > > /etc/postfix/login_senders: > # Allow both the bare username and the user@domain forms. > -/(.+)/ $1 $1...@example.com/ > +/(.+)/ $1 $1...@example.com
>

Ack.

> This feature is available in Postfix 3.6 and later.
>
> - Question, with "#" as the prefix for numeric uids, how is one supposed
>   to create indexed tables with these as lookup keys? The below looks
>   like a comment to me:
>
>     #12345 anonym...@example.com

Yes, this would limit the usability to PCRE, LDAP, *SQL. Postmap
does not expand \ddd octal sequences in its input.

What about making the '#' a suffix instead? That is still unlikely
to clash with existing user naming schemes. BTW I realize that there
is no unit test for numerical UIDs; that needs to be fixed, too.

        Wietse
Re: Accessing the sending user from a canonical(5) table
> On Oct 25, 2020, at 9:08 PM, Wietse Venema wrote:
>
> What about making the '#' a suffix instead? That is still unlikely
> to clash with existing user naming schemes. BTW I realize that there
> is no unit test for numerical UIDs; that needs to be fixed, too.

A suffix looks like a good solution to me.

--
    Viktor.
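The comment problem raised in this thread can be reproduced with a small reader for postmap(1) text input. This is an added example, not code from the thread or from Postfix: `parse_postmap_input` and the sample table are constructed here, and the reader is simplified (no quoted keys, no case folding).

```python
def parse_postmap_input(text):
    """Return {key: value} following the postmap(1) text input rules:
    blank lines and lines whose first non-whitespace character is '#'
    are ignored; a line starting with whitespace continues the
    previous logical line; each logical line is 'key whitespace value'.
    """
    logical = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + stripped  # continuation line
        else:
            logical.append(stripped)

    table = {}
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) == 2:               # entries without a value are skipped
            table[parts[0]] = parts[1]
    return table


# Constructed sample input: the same numeric UID written with '#' as a
# prefix (the form questioned in the thread) and as a suffix (the
# proposed alternative). The addresses are placeholders.
SAMPLE = """\
# permitted envelope senders per login
#12345   nobody@example.com
12345#   nobody@example.com
alice    alice@example.com,
    alice@example.org
"""

if __name__ == "__main__":
    for key, value in parse_postmap_input(SAMPLE).items():
        print(repr(key), "->", value)
```

The prefixed entry never reaches the indexed file, and nothing in the input marks it as lost; only the suffixed key survives.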
any success with postfix + dkimpy-milter outbound DKIM signing -- with ed25519 keys?
i'm swapping out opendkim milter from a postfix setup.

inbound verification's been replaced with fastmail's authentication_milter -- in smtpd mode so far, behaving well.

outbound signing on postfix submission has been replaced with dkimpy-milter. seems to work nicely for rsa signing.

support's supposedly _there_ for ed25519 signing. but, when I deploy -- simply enabling ed25519 signingtable -- I get lots of errors -- just starting to troubleshoot now.

1st question ... ... is outbound ed25519 signing with dkimpy-milter in Postfix known-to-work for anyone here?

iiuc, there's no Postfix-reason that it shouldn't work; a milter's a milter. so, just looking for any evidence that someone's got it working at all b4 diving in.
Re: Accessing the sending user from a canonical(5) table
On 10/25/20 2:46 PM, Wietse Venema wrote:

> postfix-3.6-20201025 has a preliminary implementation to limit the
> envelope senders that a local user may specify to the Postfix
> sendmail (or postdrop) command. The real work is done in a library
> module, so that similar functionality can later be added to the
> Postfix SMTP daemon.
>
> Source:
> http://ftp.porcupine.org/mirrors/postfix-release/index.html

I looked at the source code, and all I can say is: Wow. Thank you,
Wietse! Your implementation is indeed of very high quality. Certainly
better than mine!

> Manual:
> http://www.porcupine.org/postfix-mirror/postconf.5.html#local_login_sender_maps

Nit: Given the quoted localpart TODO, it might be a good idea to suggest
limiting the character set that will be matched. On a system I ran, I
would use:

    /etc/postfix/login_senders:
        # Allow both the bare username and user@domain forms.
        /([A-Za-z][A-Za-z0-9_-]*)$/iAE $1, $1...@example.com

but the regex will of course be system-dependent. I say "might" because
one could reasonably argue that if a user is allowed to login with a
username containing a comma or space, something has already gone wrong.

> I still need to add some credits to the HISTORY file, and update
> the RELEASE_NOTES file with a feature summary.
>
> Wietse

Demi
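The effect of restricting the character set can be seen by expanding both table entries for the same login names. This is an added example, not code from the thread or from Postfix: the function, the `@example.com` addresses and the login names are constructed, and it assumes the lookup result is split into sender patterns on commas and whitespace.

```python
import re

# Constructed tables modelled on the two entries discussed in the thread.
# Each is (pattern, anchored at both ends?, result template).
WEAK = (re.compile(r"(.+)"), False, "$1 $1@example.com")
STRICT = (re.compile(r"([A-Za-z][A-Za-z0-9_-]*)"), True, "$1, $1@example.com")


def permitted_senders(table, login):
    """Expand the table entry for `login` into a list of sender patterns.

    Returns None when the pattern does not match. What the caller does
    with "no entry" is outside this example.
    """
    pattern, anchored, template = table
    # The A and E flags plus the trailing '$' in the stricter entry pin
    # the match to the whole login name; fullmatch() models that here.
    m = pattern.fullmatch(login) if anchored else pattern.search(login)
    if m is None:
        return None
    expanded = template.replace("$1", m.group(1))
    # Assumption: the result is a comma- or whitespace-separated list.
    return [s for s in re.split(r"[,\s]+", expanded) if s]


if __name__ == "__main__":
    for login in ("alice", "build bot"):       # constructed login names
        print(repr(login))
        print("  unrestricted:", permitted_senders(WEAK, login))
        print("  restricted:  ", permitted_senders(STRICT, login))
```

With the unrestricted pattern, the login name containing a space expands into separate patterns for `build` and `bot`, neither of which is that login; the restricted pattern yields no entry for it.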