Mail routing depending on subject or body


Mail routing depending on subject or body

Liebeskind Uri (luri)
Hello,

we will install a mail encryption appliance (totemo) in our organization.

I have to configure Postfix (2.6.6) to route the emails to this appliance if certain conditions apply:

For outbound mail:
RULE 1. If the subject contains the string "#secure"
   This indicates that the mail has to be encrypted and that it has to be passed to the ip-address of the encryption appliance.
   The appliance will encrypt the mail, remove the string from the subject and pass it back to the mx-er.

For inbound mail:
RULE 2. If the mail body contains any of the following strings that indicate the email is encrypted and has to be decrypted:
   Content-Type: includes "application/pkcs7-mime" or "application/x-pkcs7-mime"
   Content-Type: includes "multipart/signed" as well as "application/pkcs7-signature" or "application/x-pkcs7-signature"
   Content-Type: includes "application/octet-stream" and "p7m", "p7s" or "p7c" in the file name
   This indicates that the mail has to be decrypted and that it has to be passed to the ip-address of the encryption appliance.
   The appliance will decrypt the email and pass it back to the mx-er.

If I cannot distinguish between outbound and inbound mail after RULE 1, the mail body will indicate that the mail is encrypted and RULE 2 will apply. This has to be avoided.


I have tried header_checks:
 
/^subject:.*#secure.*/i             FILTER smtp:ip-addr


But this solves my problem only partially, because encryption RULE 2 would apply.


I'd be glad about any hint or idea how to solve this redirection problem.


Thank you and kind regards,
Uri


--
------------------------------------
Zurich University of Applied Sciences
Information and Communication Technology

Uri Liebeskind
System Administrator
Gertrudstrasse 15
Postfach 805
CH-8401 Winterthur

Tel. +41 58 934 72 63
Fax. +41 58 935 72 63
http://www.zhaw.ch/en/
-------------------------------------



Re: Mail routing depending on subject or body

Noel Jones-2
On 10/12/2017 8:47 AM, Liebeskind Uri (luri) wrote:

> Hello,
>
> we will install a mail encryption appliance (totemo) in our organization.
>
> I have to configure Postfix (2.6.6) to route the emails to this appliance if certain conditions apply:
>
> For outbound mail:
> RULE 1. If the subject contains the string "#secure"
>    This indicates that the mail has to be encrypted and that it has to be passed to the ip-address of the encryption appliance.
>    The appliance will encrypt the mail, remove the string from the subject and pass it back to the mx-er.
>
> For inbound mail:
> RULE 2. If the mail body contains any of the following strings that indicate the email is encrypted and has to be decrypted:
>    Content-Type: includes "application/pkcs7-mime" or "application/x-pkcs7-mime"
>    Content-Type: includes "multipart/signed" as well as "application/pkcs7-signature" or "application/x-pkcs7-signature"
>    Content-Type: includes "application/octet-stream" and "p7m", "p7s" or "p7c" in the file name
>    This indicates that the mail has to be decrypted and that it has to be passed to the ip-address of the encryption appliance.
>    The appliance will decrypt the email and pass it back to the mx-er.
>
> If I cannot distinguish between outbound and inbound mail after RULE 1, the mail body will indicate that the mail is encrypted and RULE 2 will apply. This has to be avoided.
>
>
> I have tried header_checks:
>  
> /^subject:.*#secure.*/i             FILTER smtp:ip-addr
>
>
> But this solves my problem only partially, because encryption RULE 2 would apply.
>
>
> I'd be glad about any hint or idea how to solve this redirection problem.
>
>
> Thank you and kind regards,
> Uri
>
>


Use mime_header_checks to filter messages based on content-type headers.

To prevent loops, use multiple postfix instances:
- All mail enters postfix "main" postfix instance.
- "main" instance delivers to either crypto appliance or final
destination based on FILTER criteria
- crypto device processes mail and delivers it to the "post-crypto"
postfix instance.
- No filtering configured on post-crypto postfix instance
- post-crypto postfix instance delivers mail either to internal
mailbox or external destination.


http://www.postfix.org/postconf.5.html#mime_header_checks
http://www.postfix.org/header_checks.5.html
http://www.postfix.org/MULTI_INSTANCE_README.html



  -- Noel Jones
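
The routing discussed in this thread, as an added example that is not from either poster: a simplified Python model for trying candidate header_checks and mime_header_checks patterns against sample messages before deploying them. The regexes, the `route` and `logical_headers` helpers and the sample messages are assumptions constructed for illustration; the instance names "main" and "post-crypto" follow the reply above, and the model matches one unfolded header at a time rather than reproducing Postfix's own parser.

```python
import re
from email import message_from_string

# Candidate patterns in the style of PCRE table entries (assumptions, not from the thread).
SUBJECT_RE = re.compile(r"^subject:.*#secure", re.I)
SMIME_RES = [re.compile(p, re.I) for p in (
    r"^content-type:\s*application/(x-)?pkcs7-mime",
    r"^content-type:\s*multipart/signed.*application/(x-)?pkcs7-signature",
    r"^content-type:\s*application/octet-stream.*\.p7[msc]\b",
)]

def logical_headers(part, names):
    """Yield 'Name: value' strings with folded continuation lines joined."""
    for name, value in part.items():
        if name.lower() in names:
            yield f"{name}: " + re.sub(r"\r?\n[ \t]+", " ", str(value))

def route(raw, instance="main"):
    """Return 'appliance' or 'deliver' for a raw message on the given instance."""
    if instance == "post-crypto":      # no checks configured on this instance
        return "deliver"
    msg = message_from_string(raw)
    if any(SUBJECT_RE.search(h) for h in logical_headers(msg, {"subject"})):
        return "appliance"             # RULE 1: outbound, to be encrypted
    for part in msg.walk():            # top-level and nested MIME headers
        for h in logical_headers(part, {"content-type"}):
            if any(r.search(h) for r in SMIME_RES):
                return "appliance"     # RULE 2: S/MIME content
    return "deliver"

# Constructed sample messages (bodies are placeholders, not real S/MIME data).
HDR = "From: a@example.org\nTo: b@example.net\n"
OUTBOUND = HDR + "Subject: report #secure\n\nplain text\n"
PLAIN = HDR + "Subject: report\n\nplain text\n"
ENCRYPTED = (HDR + "Subject: report\nContent-Type: application/pkcs7-mime;\n"
             ' smime-type=enveloped-data; name="smime.p7m"\n\nPLACEHOLDER\n')
SIGNED = (HDR + "Subject: hi\nContent-Type: multipart/signed;\n"
          ' protocol="application/pkcs7-signature"; boundary="b"\n\n'
          "--b\nContent-Type: text/plain\n\nhi\n--b\n"
          'Content-Type: application/pkcs7-signature; name="smime.p7s"\n\nSIG\n--b--\n')

if __name__ == "__main__":
    for label, raw in [("outbound", OUTBOUND), ("plain", PLAIN),
                       ("encrypted", ENCRYPTED), ("signed", SIGNED)]:
        print(label, route(raw), route(raw, "post-crypto"))
```

The ENCRYPTED sample stands in for what the appliance hands back after RULE 1: on "main" it would match RULE 2 and be sent to the appliance again, while on "post-crypto" it is simply delivered.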