Prev: Simple hack to get $500 to your home
Next: Too aggressive
From: Wietse Venema on 14 Jun 2010 13:32
Rudy Gevaert:
> This is my test email:
>
> rgevaert(a)pimp:~$ telnet smtp1.ugent.be 25
> Trying 157.193.71.182...
> Connected to smtp1.ugent.be.
> Escape character is '^]'.
> 220 smtp.ugent.be ESMTP Postfix (Debian/GNU)
> helo pimp.ugent.be
> 250 smtp1.UGent.be
> mail from:<rgevaert(a)xchange.ugent.be>
> 250 2.1.0 Ok
> rcpt to:<rudy.gevaert(a)ugent.be>
> 250 2.1.5 Ok
> data
> 354 End data with <CR><LF>.<CR><LF>
> From: rgevaert(a)xchange.ugent.be
> Subject: test

Note: this submission is from pimp.ugent.be (157.193.44.68) to
smtp1.ugent.be (157.193.71.182). I' almost 100% certain that these
two hosts are in different subnets. The days that universities
were bridging their entire class B network should be long past.

> The email how it arrived:
>
> Return-Path: <rudy.gevaert(a)ugent.be>
....
> From: rgevaert(a)xchange.ugent.be
> Subject: test
....

This happens when client and server are in different subnets.

When 157.193.44.68 does not match local_header_rewrite_clients
(default: permit_mynetworks) then the From: etc. header from
157.193.44.68 will not be rewritten.

This change was introduced with Postfix 2.2.0. It prevents Postfix
from appending its own domain to malformed spam (which was a source
of confusion) and it also prevents Postfix from breaking DKIM and
DomainKeys signatures.

To fix, you need to update the local_header_rewrite_clients in your
main.cf file and specify network/mask information that includes
all the networks whose headers you want to rewrite. It could be as
simple as the whole class B network (157.193.0.0/16).

I see that you have "smtpd -o local_header_rewrite_clients=" in
your master.cf file for the "after filter" SMTP servers. This is
good.

Wietse

From: "Rudy Gevaert" on 14 Jun 2010 14:34
Thanks for the help Wietse, however don't seem to be able to produce
what you are saying.

Quoting "Wietse Venema" <wietse(a)porcupine.org>:

> To fix, you need to update the local_header_rewrite_clients in your
> main.cf file and specify network/mask information that includes
> all the networks whose headers you want to rewrite. It could be as
> simple as the whole class B network (157.193.0.0/16).

I assumed, after reading the docs, that permit_mynetworks inforces
that behaviour! It doesn't seem to.

However:

local_header_rewrite_clients = static:all

rewrites envelop but not the header, reading the docs I would assume
it should rewrite the From header:


The Postfix < 2.2 backwards compatible setting: always rewrite
message headers, and always append my own domain to incomplete header
addresses.

local_header_rewrite_clients = static:all

I tested and it doesn't.

I don't see how check_address_map type:table can help as the docs
states it doesn't do a subnet lookup. So I would need to list all my
ips in a file?

The strange thing for me is that in each test my envelop sender is
getting rewritten but my From header not.

Sorry if am missing some obvious here!!

Thanks in advance,

Rudy



--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert e-mail: Rudy.Gevaert(a)UGent.be
Directie ICT, Afdeling Infrastructuur
Groep Systemen tel: +32 9 264 4750
Universiteit Gent fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

From: Wietse Venema on 14 Jun 2010 14:58
Rudy Gevaert:
> However:
>
> local_header_rewrite_clients = static:all
>
> rewrites envelop but not the header, reading the docs I would assume
> it should rewrite the From header:

It will not, because you have

receive_override_options = no_address_mappings

in your main.cf file.

Wietse

From: "Rudy Gevaert" on 14 Jun 2010 14:57
Thank you for your help Wietse!

Quoting "Wietse Venema" <wietse(a)porcupine.org>:

> It will not, because you have
>
> receive_override_options = no_address_mappings

This of course explains it! I now figure that I need to put, several
times) the correct local_header_rewrite_clients into my master.cf ?
For the time being it is empty for each service.



--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert e-mail: Rudy.Gevaert(a)UGent.be
Directie ICT, Afdeling Infrastructuur
Groep Systemen tel: +32 9 264 4750
Universiteit Gent fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

From: Wietse Venema on 14 Jun 2010 15:54
Rudy Gevaert:
> Thank you for your help Wietse!
>
> Quoting "Wietse Venema" <wietse(a)porcupine.org>:
>
> > It will not, because you have
> >
> > receive_override_options = no_address_mappings
>
> This of course explains it! I now figure that I need to put, several
> times) the correct local_header_rewrite_clients into my master.cf ?
> For the time being it is empty for each service.

If you must rewrite headers then it is better done before the
filters so that they see the "right" email addresses. Then you can
have "local_header_rewrite_clients =" for the "after filter" SMTP
daemons.

Wietse

First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: Simple hack to get $500 to your home
Next: Too aggressive