1 |
On 09/03/2012 05:07 PM, Vinícius Ferrão wrote: |
2 |
>> |
3 |
>> Is this so that people won't mark those messages as spam (thus pinning |
4 |
>> the blame on your mail server)? |
5 |
>> |
6 |
>> If so, let me assure you that it will be ignored. I've even called some |
7 |
>> of our customers with forwarded addresses on the phone and personally |
8 |
>> asked them to stop marking stuff as spam. They still ignore me. |
9 |
> |
10 |
> Actually we have user that automatic redirect messages to their personal |
11 |
> accounts. And this behaviour is not 100% approved by the university. So |
12 |
> I want to put a disclaimer in those people, as |
13 |
> example: john@××××××××××.com <mailto:john@××××××××××.com> redirects |
14 |
> to john@×××××.com <mailto:john@×××××.com>. I want to put a disclaimer in |
15 |
> *ALL* messages redirected to external domains. |
16 |
> |
17 |
|
18 |
OK disregard my cynicism then =) |
19 |
|
20 |
|
21 |
>> |
22 |
>>> The tricky part is how to detected which messages are automatically |
23 |
>>> forwarded to an external domain. |
24 |
>> |
25 |
>> If this is a filtering gateway, I'm guessing all of your recipients are |
26 |
>> listed in relay_recipient_maps? If so, you should be able to override |
27 |
>> the default_transport (which defaults to smtp:). |
28 |
>> |
29 |
>> For example, you could set up a disclaimer-only instance of amavis on |
30 |
>> port 10029, and then set the default_transport to |
31 |
>> smtp:[localhost]:10029. I would beware of unintended consequences, |
32 |
>> though. You're liable to stick a disclaimer on some things by accident. |
33 |
> |
34 |
> There's no recipient check in my mail filtering gateway. I leave this |
35 |
> job to my final destination. It's not easy to get the final destination |
36 |
> since we have some different end destination servers and a separate |
37 |
> mailman server. |
38 |
|
39 |
Although it isn't related to your current problem, you really must check |
40 |
recipient validity at receipt time. Otherwise, you're a backscatter source. |
41 |
|
42 |
If I send spam to you (To: user@invalid) claiming to be from |
43 |
user@×××××××.com, you'll accept it, because you aren't validating the |
44 |
recipient. When you try to send it to its final destination, it will |
45 |
reject it, because user@invalid doesn't live there. Now, you're stuck |
46 |
with the message, and your filtering server will try to return it to the |
47 |
sender. But the sender was forged! So you wind up returning my spam to |
48 |
user@×××××××.com. |
49 |
|
50 |
If it's not possible to get a list of valid recipients, you can fall |
51 |
back to address verification: |
52 |
|
53 |
http://www.postfix.org/ADDRESS_VERIFICATION_README.html |
54 |
|
55 |
Basically, postfix will put the sender on hold, contact the destination |
56 |
server in the background, check that the recipient is valid, and relay |
57 |
the answer to the sender. |
58 |
|
59 |
|
60 |
> I can't really understand your example: in this situation everything |
61 |
> will be "disclaimed"; and I just want to modify messages to people that |
62 |
> receive their corporate emails in their personal account. |
63 |
|
64 |
It depends on how you're set up. There are two transports that are |
65 |
basically the same[1]: 'relay' and 'smtp'. If your domains are listed in |
66 |
relay_domains, mail to them will be relayed to the destination via the |
67 |
'relay' transport. |
68 |
|
69 |
The idea was, if all of your domains are listed in relay_domains, then |
70 |
any mail using the default_transport='smtp' instead of 'relay' must be |
71 |
going off-site. The only stuff going off-site should be mail that's |
72 |
being forwarded to external domains. Unfortunately, unless you validate |
73 |
your recipients, you'll be bouncing messages, and those go off-site too |
74 |
so the reasoning doesn't hold. |
75 |
|
76 |
The first thing I would do is fix your recipient validation. Once that's |
77 |
done, it's probably safe to add the disclaimer to the 'smtp' transport. |
78 |
I would also ask on the postfix-users list -- there are people there who |
79 |
know a lot more than I do and might be able to point out a reason why it |
80 |
wouldn't work. But the first thing they would tell you to do is fix the |
81 |
recipient validation, so you might as well get that out of the way! |
82 |
|
83 |
|
84 |
|
85 |
[1] http://www.postfix.org/ADDRESS_CLASS_README.html |