canonical vs smtp_generic_maps vs ...?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

canonical vs smtp_generic_maps vs ...?

Marek Kozlowski-2
:-)

"The optional generic(5) table specifies an address mapping that applies
when mail is delivered. This is the opposite of  canonical(5)  mapping,
which applies when mail is received."
(http://www.postfix.org/generic.5.html)

Nice...

"With the smtp_generic_maps parameter you can specify generic(5) lookup
tables that replace local mail addresses by valid Internet addresses
when mail leaves the machine via SMTP."
(http://www.postfix.org/ADDRESS_REWRITING_README.html#generic)

Close but... "when mail LEAVES the machine"...

I'm searching for a possibbility of rewriting (senders') addresses only
for all mail originating from my system - no matter if it is local or
remote delivery. I mean: rewriting sender's address for mail from SASL
authenticated users and leaving as is for all other mail. May I ask for
some tips?

Best ragrads,
MArek


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: canonical vs smtp_generic_maps vs ...?

Noel Jones-2
On 2/17/2017 12:04 PM, Marek Kozlowski wrote:
> I'm searching for a possibbility of rewriting (senders') addresses only
> for all mail originating from my system - no matter if it is local or
> remote delivery. I mean: rewriting sender's address for mail from SASL
> authenticated users and leaving as is for all other mail. May I ask for
> some tips?
>
> Best ragrads,
> MArek
>

From your short description, it sounds as if canonical_maps is what
you need.  If that doesn't seem to fit, please describe your needs
in more detail.



  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: canonical vs smtp_generic_maps vs ...?

Viktor Dukhovni
In reply to this post by Marek Kozlowski-2

> On Feb 17, 2017, at 1:04 PM, Marek Kozlowski <[hidden email]> wrote:
>
> I'm searching for a possibbility of rewriting (senders') addresses only
> for all mail originating from my system - no matter if it is local or
> remote delivery. I mean: rewriting sender's address for mail from SASL
> authenticated users and leaving as is for all other mail. May I ask for
> some tips?

Apply suitable canonical_maps with submission via port 587.  Do not offer
SASL authentication with the port 25 inbound MX service.

You can use a separate Postfix instance for the MSA, or, alternatively,
just a separate master.cf smtpd(8) service on port 587 along with a
"-o cleanup_service_name=submission_cleanup" setting and a additional
cleanup(8) that has "-o canonical_maps=$submission_canonical_maps",
optionally the same "-o canonical_maps" override could also be specified
for the submission smtpd(8).

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: canonical vs smtp_generic_maps vs ...?

Marek Kozlowski-2
In reply to this post by Noel Jones-2
On 02/17/2017 07:41 PM, Noel Jones wrote:

> On 2/17/2017 12:04 PM, Marek Kozlowski wrote:
>> I'm searching for a possibbility of rewriting (senders') addresses only
>> for all mail originating from my system - no matter if it is local or
>> remote delivery. I mean: rewriting sender's address for mail from SASL
>> authenticated users and leaving as is for all other mail. May I ask for
>> some tips?
>
> From your short description, it sounds as if canonical_maps is what
> you need.  If that doesn't seem to fit, please describe your needs
> in more detail.
I perform maps in form of some LDAP queries. In my case it is possible
that my server receives mail from some remote hosts while LDAP queries
return positive results. In such case any replacements should NOT be
applied. For mail from SASL authenticated users I'd like to rewrite
senders' addresses according to LDAP queries results no matter if it is
local or remote delivery.

When smithj authenticates via SASL to my server and sends e-mail from
`[hidden email]' locally or remotely I'd like to replace it to
`[hidden email]'. But if mail form `[hidden email]' is received
from remote SMTP hosts any address changes should NOT be applied.

Best ragerds,
Marek



smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: canonical vs smtp_generic_maps vs ...?

Noel Jones-2
On 2/17/2017 12:53 PM, Marek Kozlowski wrote:
> When smithj authenticates via SASL to my server and sends e-mail from
> `[hidden email]' locally or remotely I'd like to replace it to
> `[hidden email]'. But if mail form `[hidden email]' is received
> from remote SMTP hosts any address changes should NOT be applied.

Excellent, yes canonical_maps is what you need, but you'll need to
limit the scope to submission.  See Viktor's reply for how to do
that.  Come back if you have any questions.



  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: canonical vs smtp_generic_maps vs ...?

Marek Kozlowski-2
On 02/17/2017 08:09 PM, Noel Jones wrote:
> On 2/17/2017 12:53 PM, Marek Kozlowski wrote:
>> When smithj authenticates via SASL to my server and sends e-mail from
>> `[hidden email]' locally or remotely I'd like to replace it to
>> `[hidden email]'. But if mail form `[hidden email]' is received
>> from remote SMTP hosts any address changes should NOT be applied.
>
> Excellent, yes canonical_maps is what you need, but you'll need to
> limit the scope to submission.  See Viktor's reply for how to do
> that.  Come back if you have any questions.

Honestly, I'd like to use canonicals for postsrsd (protecting external
forwards from SPF rules) so if I could use some other mechanism here...

Best regards,
Marek


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: canonical vs smtp_generic_maps vs ...?

Noel Jones-2
On 2/17/2017 1:24 PM, Marek Kozlowski wrote:

> On 02/17/2017 08:09 PM, Noel Jones wrote:
>> On 2/17/2017 12:53 PM, Marek Kozlowski wrote:
>>> When smithj authenticates via SASL to my server and sends e-mail from
>>> `[hidden email]' locally or remotely I'd like to replace it to
>>> `[hidden email]'. But if mail form `[hidden email]' is received
>>> from remote SMTP hosts any address changes should NOT be applied.
>>
>> Excellent, yes canonical_maps is what you need, but you'll need to
>> limit the scope to submission.  See Viktor's reply for how to do
>> that.  Come back if you have any questions.
>
> Honestly, I'd like to use canonicals for postsrsd (protecting external
> forwards from SPF rules) so if I could use some other mechanism here...
>
> Best regards,
> Marek
>

I don't use postsrsd so can't offer any specific advice on that.
Canonical maps is the feature you need for the address rewriting you
have described.  You can use multiple canonical_maps as long as they
aren't trying to match the same input key.



  -- Noel Jones