[2025-01-08 13:17] Kirill A. Korinsky <kir...@korins.ky> > On Wed, 08 Jan 2025 08:05:23 +0100, > Philipp <phil...@bureaucracy.de> wrote: > > The match rules for the sender and recipient are currently only match > > the full mail addresses. So you can not match local part or domains in > > them. There are some workarounds for this, but they depend on the > > concrete table implementation. > > > > It would be nice to have a general syntax for this. I would prefere > > to have an optional parameter ``address-part'' for these conditions. > > So the syntax would look something like this: > > > > [from] mail-from [full|localpart|domain] sender|<sender> > > [for] rcpt-to [full|localpart|domain] recipient|<recipient> > > > > The biggest problem with this is that the "domain" keyword now is used > > twice. But I don't know a better keyword. The "rcpt-to domain" part is > > redundant, but I have added it for symetry. > > > > To implement this I would extend the ruleset_match_smtp_mail_from() > > and ruleset_match_smtp_rcpt_to(). > > > > What do you think about this idea? > > > > Looks interesting but in case of sender it raises a question about trust to > such field.
Let say It this way: I don't trust the sender so I don't use it for my routing. > Bring here DMARC/DKIM/ARC isn't an option clearly. > > Perhabs some kind of "trusted" relay should be introduced? I mean that > mail-from can be trusted only if email is originated from a trusted relay, > or locally. I don't think this is necessary. We have already enough points[0] where you can add checks for the sender. Also it's still posibil to combine this with other match options like src to match the client ip. I have add the senders option becasue it should work the same like the recipient and others requested it. But in most cases it's not necesary to use the sender for the routing decicien. Philipp [0] filters, listen on auth, require auth on listen, senders on listen > > What do you think? > > -- > wbr, Kirill >
