Rewrite header From:

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Rewrite header From:

Scappatura Rocco
Hello.

My mail server received unsollecited emails with header From: similar to 'Heidi <info>'.

Users perceive that email comes from our company as the header From: has been rewrite in 'Heidi <[hidden email]>'.

Infact:

myorigin = $mydomain
mydomain = host.domain.tld

and

append_at_myorigin = yes
local_header_rewrite_clients = permit_inet_interfaces

Is there a way to block incoming e-mails whose 'Header From:' does not specify valid email address?

Regards,

RS
Reply | Threaded
Open this post in threaded view
|

Re: Rewrite header From:

Wietse Venema
Scappatura Rocco:

> Hello.
>
> My mail server received unsollecited emails with header From: similar to 'Heidi <info>'.
>
> Users perceive that email comes from our company as the header From: has been rewrite in 'Heidi <[hidden email]>'.
>
> Infact:
>
> myorigin = $mydomain
> mydomain = host.domain.tld
>
> and
>
> append_at_myorigin = yes
> local_header_rewrite_clients = permit_inet_interfaces
>
> Is there a way to block incoming e-mails whose 'Header From:' does not specify valid email address?
>

Perhaps the following will do the job:

/etc/postfix/main.cf:
   remote_header_rewrite_domain = domain.invalid

but it may have no effect on an smtpd_proy_filter based content filter.

See also:
http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain
http://www.postfix.org/postconf.5.html#local_header_rewrite_clients

        Wietse
Reply | Threaded
Open this post in threaded view
|

R: Rewrite header From:

Scappatura Rocco


> -----Messaggio originale-----
> Da: [hidden email] [mailto:owner-postfix-
> [hidden email]] Per conto di Wietse Venema
> Inviato: lunedì 30 luglio 2018 15:06
> A: Postfix users <[hidden email]>
> Oggetto: Re: Rewrite header From:
>
> Scappatura Rocco:
> > Hello.
> >
> > My mail server received unsollecited emails with header From: similar to
> 'Heidi <info>'.
> >
> > Users perceive that email comes from our company as the header From:
> has been rewrite in 'Heidi <[hidden email]>'.
> >
> > Infact:
> >
> > myorigin = $mydomain
> > mydomain = host.domain.tld
> >
> > and
> >
> > append_at_myorigin = yes
> > local_header_rewrite_clients = permit_inet_interfaces
> >
> > Is there a way to block incoming e-mails whose 'Header From:' does not
> specify valid email address?
> >
>
> Perhaps the following will do the job:
>
> /etc/postfix/main.cf:
>    remote_header_rewrite_domain = domain.invalid
>
> but it may have no effect on an smtpd_proy_filter based content filter.

Thanks Wietse

My configuration does not use smtpd_proxy_filter at all.

So I think I can set:

remote_header_rewrite_domain = domain.invalid

or it could be better to set:

remote_header_rewrite_domain =

What is the difference simply explained?

And, if I have well understood, it could be also a solution for my issue also to set:

local_header_rewrite_clients = permit_mynetworks

So that local generate emails will have header From: correctly rewritten, while email coming from outside will not have header From: rewritten..

Correct?

> See also:
> http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain
> http://www.postfix.org/postconf.5.html#local_header_rewrite_clients
>
> Wietse

Rocco
Reply | Threaded
Open this post in threaded view
|

Re: R: Rewrite header From:

Noel Jones-2
On 7/30/2018 8:19 AM, Scappatura Rocco wrote:

>
>
>> -----Messaggio originale-----
>> Da: [hidden email] [mailto:owner-postfix-
>> [hidden email]] Per conto di Wietse Venema
>> Inviato: lunedì 30 luglio 2018 15:06
>> A: Postfix users <[hidden email]>
>> Oggetto: Re: Rewrite header From:
>>
>> Scappatura Rocco:
>>> Hello.
>>>
>>> My mail server received unsollecited emails with header From: similar to
>> 'Heidi <info>'.
>>>
>>> Users perceive that email comes from our company as the header From:
>> has been rewrite in 'Heidi <[hidden email]>'.
>>>
>>> Infact:
>>>
>>> myorigin = $mydomain
>>> mydomain = host.domain.tld
>>>
>>> and
>>>
>>> append_at_myorigin = yes
>>> local_header_rewrite_clients = permit_inet_interfaces
>>>
>>> Is there a way to block incoming e-mails whose 'Header From:' does not
>> specify valid email address?
>>>
>>
>> Perhaps the following will do the job:
>>
>> /etc/postfix/main.cf:
>>    remote_header_rewrite_domain = domain.invalid
>>
>> but it may have no effect on an smtpd_proy_filter based content filter.
>
> Thanks Wietse
>
> My configuration does not use smtpd_proxy_filter at all.
>
> So I think I can set:
>
> remote_header_rewrite_domain = domain.invalid
>
> or it could be better to set:
>
> remote_header_rewrite_domain =

Setting "remote_header_rewrite_domain = domain.invalid" prevents
other software from rewriting the header once it leaves postfix, and
should make it clear that the domain is invalid even to
unsophisticated users.

Some users may confuse a missing domain as meaning @local.


>
> What is the difference simply explained?
>
> And, if I have well understood, it could be also a solution for my issue also to set:
>
> local_header_rewrite_clients = permit_mynetworks
>
> So that local generate emails will have header From: correctly rewritten, while email coming from outside will not have header From: rewritten..
>
> Correct?

Setting "local_header_rewrite_clients=permit_mynetworks" is the
default.

Note that if mail enters postfix multiple times, such as after a
content_filter or some other external process such as a spam filter,
the second trip through postfix will be from $mynetworks, causing
empty domains to be rewritten to the local domain.  That's another
good reason to use "remote_header_rewrite_domain = domain.invalid".




  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

R: R: Rewrite header From:

Scappatura Rocco


> -----Messaggio originale-----
> Da: [hidden email] [mailto:owner-postfix-
> [hidden email]] Per conto di Noel Jones
> Inviato: lunedì 30 luglio 2018 20:15
> A: [hidden email]
> Oggetto: Re: R: Rewrite header From:
>
> On 7/30/2018 8:19 AM, Scappatura Rocco wrote:
> >
> >
> >> -----Messaggio originale-----
> >> Da: [hidden email] [mailto:owner-postfix-
> >> [hidden email]] Per conto di Wietse Venema
> >> Inviato: lunedì 30 luglio 2018 15:06
> >> A: Postfix users <[hidden email]>
> >> Oggetto: Re: Rewrite header From:
> >>
> >> Scappatura Rocco:
> >>> Hello.
> >>>
> >>> My mail server received unsollecited emails with header From:
> >>> similar to
> >> 'Heidi <info>'.
> >>>
> >>> Users perceive that email comes from our company as the header From:
> >> has been rewrite in 'Heidi <[hidden email]>'.
> >>>
> >>> Infact:
> >>>
> >>> myorigin = $mydomain
> >>> mydomain = host.domain.tld
> >>>
> >>> and
> >>>
> >>> append_at_myorigin = yes
> >>> local_header_rewrite_clients = permit_inet_interfaces
> >>>
> >>> Is there a way to block incoming e-mails whose 'Header From:' does
> >>> not
> >> specify valid email address?
> >>>
> >>
> >> Perhaps the following will do the job:
> >>
> >> /etc/postfix/main.cf:
> >>    remote_header_rewrite_domain = domain.invalid
> >>
> >> but it may have no effect on an smtpd_proy_filter based content filter.
> >
> > Thanks Wietse
> >
> > My configuration does not use smtpd_proxy_filter at all.
> >
> > So I think I can set:
> >
> > remote_header_rewrite_domain = domain.invalid
> >
> > or it could be better to set:
> >
> > remote_header_rewrite_domain =
>
> Setting "remote_header_rewrite_domain = domain.invalid" prevents other
> software from rewriting the header once it leaves postfix, and should make it
> clear that the domain is invalid even to unsophisticated users.
>
> Some users may confuse a missing domain as meaning @local.
>
>
> >
> > What is the difference simply explained?
> >
> > And, if I have well understood, it could be also a solution for my issue also
> to set:
> >
> > local_header_rewrite_clients = permit_mynetworks
> >
> > So that local generate emails will have header From: correctly rewritten,
> while email coming from outside will not have header From: rewritten..
> >
> > Correct?
>
> Setting "local_header_rewrite_clients=permit_mynetworks" is the default.
>
> Note that if mail enters postfix multiple times, such as after a content_filter
> or some other external process such as a spam filter, the second trip through
> postfix will be from $mynetworks, causing empty domains to be rewritten to
> the local domain.  That's another good reason to use
> "remote_header_rewrite_domain = domain.invalid".

Thank you for the clarification!

>
>
>
>
>   -- Noel Jones

Regards,

Rocco