header_checks for IP & email destination?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

header_checks for IP & email destination?

linux
Hi,

Running postfix-2.10.1-6.el7.x86_64 on RHEL 7.4.

I've a very unique need to configure Postfix to deliver email based on
source IP and destination email address.

Example:
-----------------------------------
If:
    Received: by mx0.example2.com AND Delivered-To:
[hidden email]

    Action: Deliver
else:
    Discard or Redirect (depending on user)
fi
-----------------------------------

Can postfix header_checks do this? Looks like it'll only accept regex
based on a line by line query?
Other research I've done suggests that I could use spamassassin?

Regards,

Craig
Reply | Threaded
Open this post in threaded view
|

Re: header_checks for IP & email destination?

Viktor Dukhovni


> On Dec 21, 2017, at 7:54 PM, [hidden email] wrote:
>
> I've a very unique need to configure Postfix to deliver email based on
> source IP and destination email address.
>
> Example:
> -----------------------------------
> If:
>    Received: by mx0.example2.com AND Delivered-To:
> [hidden email]
>
>    Action: Deliver
> else:
>    Discard or Redirect (depending on user)
> fi
> -----------------------------------
>
> Can postfix header_checks do this?

No.  Nor can any other MTA, because mail routing MUST be based
the message envelope recipients not header recipients.

> Looks like it'll only accept regex based on a line by line query?

Correct, but headers would be the wrong criterion anyway.

Policy services can return DISCARD verdicts for the message as
a whole, based on the envelope and message original.  Milters
or content filters should be able to delete specific recipients.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: header_checks for IP & email destination?

Markus Clardy
If it is supposed to be Source IP and destination address, do you really need to do anything with the headers?

What I mean is, if you know the IP, make a restriction that if a mail is being received from a specific IP, then push it onto another restriction class, which then checks the recipient, and if it is the correct recipient, allow it through, else reject it (or redirect it).

I realize this would add tons of restriction classes, but it would work for what you are wanting to do, would it not?

Or do you mean the first hop, not the last hop prior to your server is what you need to base it on?

On Fri, Dec 22, 2017 at 6:34 AM, Viktor Dukhovni <[hidden email]> wrote:


> On Dec 21, 2017, at 7:54 PM, [hidden email] wrote:
>
> I've a very unique need to configure Postfix to deliver email based on
> source IP and destination email address.
>
> Example:
> -----------------------------------
> If:
>    Received: by mx0.example2.com AND Delivered-To:
> [hidden email]
>
>    Action: Deliver
> else:
>    Discard or Redirect (depending on user)
> fi
> -----------------------------------
>
> Can postfix header_checks do this?

No.  Nor can any other MTA, because mail routing MUST be based
the message envelope recipients not header recipients.

> Looks like it'll only accept regex based on a line by line query?

Correct, but headers would be the wrong criterion anyway.

Policy services can return DISCARD verdicts for the message as
a whole, based on the envelope and message original.  Milters
or content filters should be able to delete specific recipients.

--
        Viktor.




--
 - Markus