Postfix: How to run the milter BEFORE reject_unverified_recipient

Benoit Panizzon
Dear Lists (sorry for the xpost).

I have a milter which performs SRS Signing in case of forwarded emails
and SRS Verification of bounces.

This worked quite well, until we configured our mail platform to also
relay emails for other domains and thus activated
reject_unverified_recipient to perform smtp forward recipient checking.

http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Well unfortunately reject_unverified_recipient is checking the
recipient BEFORE it is passed through the milter check_recipient would
extract the real recipient from a valid signed SRS address.

So every recipient SRS signed bounced recipient is being rejected by
reject_unverified_recipient.

So is there any way to configure postfix to either run the milter
BEFORE reject_unverified_recipient or to not run
reject_unverified_recipient for the transports
address_verify_local_transport or address_verify_virtual_transport but
only for address_verify_relay_transport?

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

Re: Postfix: How to run the milter BEFORE reject_unverified_recipient

Wietse Venema
Benoit Panizzon:

> Dear Lists (sorry for the xpost).
>
> I have a milter which performs SRS Signing in case of forwarded emails
> and SRS Verification of bounces.
>
> This worked quite well, until we configured our mail platform to also
> relay emails for other domains and thus activated
> reject_unverified_recipient to perform smtp forward recipient checking.
>
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html
>
> Well unfortunately reject_unverified_recipient is checking the
> recipient BEFORE it is passed through the milter check_recipient would
> extract the real recipient from a valid signed SRS address.
>
> So every recipient SRS signed bounced recipient is being rejected by
> reject_unverified_recipient.
>
> So is there any way to configure postfix to either run the milter
> BEFORE reject_unverified_recipient or to not run
> reject_unverified_recipient for the transports
> address_verify_local_transport or address_verify_virtual_transport but
> only for address_verify_relay_transport?

Not possible. The Milter protocol implements the 'change sender'
feature AFTER the entire message is received. That is long
after the MAIL FROM and RCPT TO commands.

        Wietse

Re: Postfix: How to run the milter BEFORE reject_unverified_recipient

Benoit Panizzon
Hi Wietse

> Not possible. The Milter protocol implements the 'change sender'
> feature AFTER the entire message is received. That is long
> after the MAIL FROM and RCPT TO commands.

Ok, so if you activate reject_unverified_recipient it's not possible to
tell postfix not to call this function for local recipients, which
would anyway be rejected.

I did some further digging and found a posting of another user having
the problem, that he used reject_unverified_recipient but wanted to be
able to queue mails for a specific domain that is relayed through his
server in case the destination server is down.

Yes, sounds similar to my problem. He used check_recipient_access with
a hash map listing all recipients he wanted to queue.

With this information and a Google query on whether I could replace a
hash map with a regexp map, I later had a working solution for my SRS
problem:

smtpd_recipient_restrictions =
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        check_recipient_access regexp:/etc/postfix/noverify
        reject_unverified_recipient

And in /etc/postfix/noverify

/^SRS\d{1}.*/      OK
       
Now I just have to check that I didn't open an unauthenticated relay
door.

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________
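
What the exemption map in the message above lets through, as an added example that is not part of the original thread: a small Python model of first-match evaluation that compares the posted pattern with a tighter one. The domains, the sample recipients, the anchored pattern and the option of checking the relay destination ahead of the map are assumptions made for illustration.

```python
import re

# Constructed for illustration: domains this server is responsible for.
LOCAL_SRS_DOMAIN = "srs.example.net"      # assumed SRS forwarding domain
OWN_DOMAINS = {LOCAL_SRS_DOMAIN, "customer.example"}

# The thread's pattern, written with [0-9], which reads the same in POSIX
# regexp: tables, pcre: tables and Python. regexp: tables ignore case by default.
BROAD = re.compile(r"^SRS[0-9].*", re.IGNORECASE)
# Tighter variant (assumption): SRS0/SRS1 plus separator, only at the local
# SRS domain, so nothing else is exempted from verification.
ANCHORED = re.compile(
    r"^SRS[01][=+-][^@]+@" + re.escape(LOCAL_SRS_DOMAIN) + r"$", re.IGNORECASE)

SAMPLES = [  # constructed recipients
    "SRS0=ab12=XY=example.org=alice@srs.example.net",
    "SRS0=ab12=XY=example.org=alice@elsewhere.example",
    "srs1newsletter@customer.example",
    "bob@customer.example",
]


def decide(rcpt, pattern, relay_check_first):
    """Model one restriction list for one RCPT TO; the first match wins."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    # reject_unauth_destination placed ahead of the map (when modelled)
    if relay_check_first and domain not in OWN_DOMAINS:
        return "reject-relay"
    # check_recipient_access: an OK result ends the list, so
    # reject_unverified_recipient is never reached for this recipient
    if pattern.search(rcpt):
        return "accept-unverified"
    # reject_unverified_recipient: the address probe decides
    return "verify"


def audit(pattern, relay_check_first):
    """Return the verdict for every constructed sample recipient."""
    return {r: decide(r, pattern, relay_check_first) for r in SAMPLES}


if __name__ == "__main__":
    for label, args in (("as posted", (BROAD, False)),
                        ("tightened", (ANCHORED, True))):
        print(label)
        for rcpt, verdict in audit(*args).items():
            print(f"  {verdict:18} {rcpt}")
```

On Postfix 2.10 and later, smtpd_relay_restrictions is evaluated separately from smtpd_recipient_restrictions, so the relay check may already happen outside this list; the relay_check_first=False case models a setup where it does not.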

Re: Postfix: How to run the milter BEFORE reject_unverified_recipient

Wietse Venema
In reply to this post by Wietse Venema
Wietse Venema:

> Benoit Panizzon:
> > Dear Lists (sorry for the xpost).
> >
> > I have a milter which performs SRS Signing in case of forwarded emails
> > and SRS Verification of bounces.
> >
> > This worked quite well, until we configured our mail platform to also
> > relay emails for other domains and thus activated
> > reject_unverified_recipient to perform smtp forward recipient checking.
> >
> > http://www.postfix.org/ADDRESS_VERIFICATION_README.html
> >
> > Well unfortunately reject_unverified_recipient is checking the
> > recipient BEFORE it is passed through the milter check_recipient would
> > extract the real recipient from a valid signed SRS address.
> >
> > So every recipient SRS signed bounced recipient is being rejected by
> > reject_unverified_recipient.
> >
> > So is there any way to configure postfix to either run the milter
> > BEFORE reject_unverified_recipient or to not run
> > reject_unverified_recipient for the transports
> > address_verify_local_transport or address_verify_virtual_transport but
> > only for address_verify_relay_transport?
>
> Not possible. The Milter protocol implements the 'change sender'
> feature AFTER the entire message is received. That is long
> after the MAIL FROM and RCPT TO commands.

My best guess is to SPLIT your mail streams, and use separate
SMTP servers for transit mail and for final delivery.

        Wietse

Re: Postfix: How to run the milter BEFORE reject_unverified_recipient

Wietse Venema
In reply to this post by Benoit Panizzon
Benoit Panizzon:
> Hi Wietse
>
> > Not possible. The Milter protocol implements the 'change sender'
> > feature AFTER the entire message is received. That is long
> > after the MAIL FROM and RCPT TO commands.
>
> Ok, so if you activate reject_unverified_recipient it's not possible to
> tell postfix not to call this function for local recipients, which
> would anyway be rejected.

Well, that is possible with smtpd_access maps, as you discovered.

        Wietse