| 1 |
On 09/03/2012 05:07 PM, Vinícius Ferrão wrote: |
| 2 |
>> |
| 3 |
>> Is this so that people won't mark those messages as spam (thus pinning |
| 4 |
>> the blame on your mail server)? |
| 5 |
>> |
| 6 |
>> If so, let me assure you that it will be ignored. I've even called some |
| 7 |
>> of our customers with forwarded addresses on the phone and personally |
| 8 |
>> asked them to stop marking stuff as spam. They still ignore me. |
| 9 |
> |
| 10 |
> Actually we have user that automatic redirect messages to their personal |
| 11 |
> accounts. And this behaviour is not 100% approved by the university. So |
| 12 |
> I want to put a disclaimer in those people, as |
| 13 |
> example: john@××××××××××.com <mailto:john@××××××××××.com> redirects |
| 14 |
> to john@×××××.com <mailto:john@×××××.com>. I want to put a disclaimer in |
| 15 |
> *ALL* messages redirected to external domains. |
| 16 |
> |
| 17 |
|
| 18 |
OK disregard my cynicism then =) |
| 19 |
|
| 20 |
|
| 21 |
>> |
| 22 |
>>> The tricky part is how to detected which messages are automatically |
| 23 |
>>> forwarded to an external domain. |
| 24 |
>> |
| 25 |
>> If this is a filtering gateway, I'm guessing all of your recipients are |
| 26 |
>> listed in relay_recipient_maps? If so, you should be able to override |
| 27 |
>> the default_transport (which defaults to smtp:). |
| 28 |
>> |
| 29 |
>> For example, you could set up a disclaimer-only instance of amavis on |
| 30 |
>> port 10029, and then set the default_transport to |
| 31 |
>> smtp:[localhost]:10029. I would beware of unintended consequences, |
| 32 |
>> though. You're liable to stick a disclaimer on some things by accident. |
| 33 |
> |
| 34 |
> There's no recipient check in my mail filtering gateway. I leave this |
| 35 |
> job to my final destination. It's not easy to get the final destination |
| 36 |
> since we have some different end destination servers and a separate |
| 37 |
> mailman server. |
| 38 |
|
| 39 |
Although it isn't related to your current problem, you really must check |
| 40 |
recipient validity at receipt time. Otherwise, you're a backscatter source. |
| 41 |
|
| 42 |
If I send spam to you (To: user@invalid) claiming to be from |
| 43 |
user@×××××××.com, you'll accept it, because you aren't validating the |
| 44 |
recipient. When you try to send it to its final destination, it will |
| 45 |
reject it, because user@invalid doesn't live there. Now, you're stuck |
| 46 |
with the message, and your filtering server will try to return it to the |
| 47 |
sender. But the sender was forged! So you wind up returning my spam to |
| 48 |
user@×××××××.com. |
| 49 |
|
| 50 |
If it's not possible to get a list of valid recipients, you can fall |
| 51 |
back to address verification: |
| 52 |
|
| 53 |
http://www.postfix.org/ADDRESS_VERIFICATION_README.html |
| 54 |
|
| 55 |
Basically, postfix will put the sender on hold, contact the destination |
| 56 |
server in the background, check that the recipient is valid, and relay |
| 57 |
the answer to the sender. |
| 58 |
|
| 59 |
|
| 60 |
> I can't really understand your example: in this situation everything |
| 61 |
> will be "disclaimed"; and I just want to modify messages to people that |
| 62 |
> receive their corporate emails in their personal account. |
| 63 |
|
| 64 |
It depends on how you're set up. There are two transports that are |
| 65 |
basically the same[1]: 'relay' and 'smtp'. If your domains are listed in |
| 66 |
relay_domains, mail to them will be relayed to the destination via the |
| 67 |
'relay' transport. |
| 68 |
|
| 69 |
The idea was, if all of your domains are listed in relay_domains, then |
| 70 |
any mail using the default_transport='smtp' instead of 'relay' must be |
| 71 |
going off-site. The only stuff going off-site should be mail that's |
| 72 |
being forwarded to external domains. Unfortunately, unless you validate |
| 73 |
your recipients, you'll be bouncing messages, and those go off-site too |
| 74 |
so the reasoning doesn't hold. |
| 75 |
|
| 76 |
The first thing I would do is fix your recipient validation. Once that's |
| 77 |
done, it's probably safe to add the disclaimer to the 'smtp' transport. |
| 78 |
I would also ask on the postfix-users list -- there are people there who |
| 79 |
know a lot more than I do and might be able to point out a reason why it |
| 80 |
wouldn't work. But the first thing they would tell you to do is fix the |
| 81 |
recipient validation, so you might as well get that out of the way! |
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
[1] http://www.postfix.org/ADDRESS_CLASS_README.html |
Archives