Content filter question

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Content filter question

Fernando Iglesias
Hi everybody,

I'll try explain my problem:

Some of my users have diferents mail accounts, their personal mail and other mails like [hidden email] that are shared between multiples users using imap folders. When a user received a mail he wants answer with that ID, so if he received a mail to [hidden email], he wants reply it using [hidden email] like from field. I'm trying make  content_filter to allow this.

My master.cf is something like this:


#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
# ==========================================================================
smtp inet n - n - - smtpd -o content_filter=my_content_fliter:
pickup fifo n - n 60 1 pickup
.
.
.
my_content_filter  unix - n n - - pipe flags=Rq user=secure_user argv=/etc/postfix/conten_filters/my_content_filter  -f ${sender} -- ${recipient}

Users are authenticated via TLS using their personal mail as user and their password, so $(sasl_sender) = $(sender) = their personal mail. I want allow they can send mails with other IDs vía content filter so, I should check "from field" but I really don't know how can I do it? There's no macro from pipe command to take "from field" from a mail ,  is there a way to do it ?


Thanks in advance,

Best regards







Reply | Threaded
Open this post in threaded view
|

Re: Content filter question

Victor Duchovni
On Tue, May 27, 2008 at 06:10:05PM +0200, Fernando Iglesias wrote:

> Hi everybody,
>
> I'll try explain my problem:
>
> Some of my users have diferents mail accounts, their personal mail and other
> mails like [hidden email] that are shared between multiples users
> using imap folders. When a user received a mail he wants answer with that
> ID, so if he received a mail to [hidden email], he wants reply it
> using [hidden email] like from field. I'm trying make  content_filter
> to allow this.

No, this is done in the MUA, not the MTA. Just have them reply with
that sender address, and Postfix will carry the message unmodified.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Content filter question

Fernando Iglesias
I should do it in the MTA, because I should check if the user can send mails with that alter ID. if I don't check it, someone could try a "man in the middle" or something else. I can't check it in MUA.

Thanks in advance


On Tue, May 27, 2008 at 7:05 PM, Victor Duchovni <[hidden email]> wrote:
On Tue, May 27, 2008 at 06:10:05PM +0200, Fernando Iglesias wrote:

> Hi everybody,
>
> I'll try explain my problem:
>
> Some of my users have diferents mail accounts, their personal mail and other
> mails like [hidden email] that are shared between multiples users
> using imap folders. When a user received a mail he wants answer with that
> ID, so if he received a mail to [hidden email], he wants reply it
> using [hidden email] like from field. I'm trying make  content_filter
> to allow this.

No, this is done in the MUA, not the MTA. Just have them reply with
that sender address, and Postfix will carry the message unmodified.

--
       Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.



--
I should have known better
Than to let you go alone
It's times like these
I can't make it on my own
Wasted days, and sleepless nights
An' I can't wait to see you again
Reply | Threaded
Open this post in threaded view
|

Re: Content filter question

Victor Duchovni
On Wed, May 28, 2008 at 04:52:37PM +0200, Fernando Iglesias wrote:

> I should do it in the MTA, because I should check if the user can send mails
> with that alter ID. if I don't check it, someone could try a "man in the
> middle" or something else. I can't check it in MUA.

Don't solve problems you don't have. Anyone can put the address in
question in the "From:" header, even if you strictly control envelope
sender addresses. Unless you are an ISP, don't enforce user<->sender
address pairings. The right place to address this *is* the MUA.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

milter question

System Support
In reply to this post by Fernando Iglesias
I currently use dkim-filter to sign outgoing e-mails.  
It is called by an smtpd-milters = option in main.cf.

This call is done early in the mail processing.  
However, there are situations where the ultimate
destination of the e-mail is important.  When, for
instance, certain recipients should be signed with a
different key, or not signed at all.  However, the
filter is blind to postfix's various alias and re-write
rules.

Is there a way to call the milter using the final
outgoing envelope information?

...don

support (at) microtechniques.com

Reply | Threaded
Open this post in threaded view
|

Re: milter question

Noel Jones-2
System Support wrote:

> I currently use dkim-filter to sign outgoing e-mails.  
> It is called by an smtpd-milters = option in main.cf.
>
> This call is done early in the mail processing.  
> However, there are situations where the ultimate
> destination of the e-mail is important.  When, for
> instance, certain recipients should be signed with a
> different key, or not signed at all.  However, the
> filter is blind to postfix's various alias and re-write
> rules.
>
> Is there a way to call the milter using the final
> outgoing envelope information?
>
> ...don


The order isn't configurable.  You can run another "smart
host" instance of postfix that does only signing & external
delivery, or maybe use amavisd-new 2.6 to sign mail after
postfix is done with it.

--
Noel Jones