Am 06.08.2014 um 14:02 schrieb Xie, Wei: > Viktor, > >>> This rather severely limits the usability of your MSA. It cannot support >>> ordinary email sent to multiple recipients or Bcc'ed. Also you say this is >>> an MSA, and >>yet claim the mail is sent by external senders outside OSU. >>> How are these two statements compatible? Is this an MSA processing >>> outbound mail generated >>internally at OSU, or simply an outbound relay, >>> forwarding mail whose recipients are external to your email systems >>> (possibly your users hosted outside). >>> Explain your system more clearly. > > Main email system is Microsoft exchange system. The Exchange Hub servers > deliver the all outbound mails (internal users send emails to external users > or external users send emails to internal users BUT whose email addresses are > forwarding to his/her external mailboxes) to Postfix servers. The postfix > servers receive all emails which the recipient addresses are external email > addresses. So I think it simply an outbound relay, forwarding mail whose > recipients are external to your email systems.
by the way traditional smtp outside forward may break any time, by strict spf,dmarc,dkim, perhaps workaround with "outlook forward rules only" may work.... > >>> Mail you've accepted (whether inbound or outbound) that is then forwarded >>> to Microsoft for a hosted mailbox SHOULD NOT be spam filtered by Microsoft. >>> >>That resposibility falls on your systems as the original systems that >>> receive the mail from the external sender. > > Currently the situation is all outbound emails are sent to MICROSOFT > antispam system - EOP for scanning before they are delivered to destination > external mailboxes. Sometimes internal users' mailboxes are possibly > compromised to be abused to send a lot of outbound junks. Ok so far, whats the problem ? > >>> The systems you use to forward mail to Microsoft for your own hosted users, >>> MUST be whitelisted by Microsoft for delivery to the hosted users in >>> question, >>with NO spam filters applied by them. > > The fact is the systems we currently use are not whitelisted by Microsoft for > delivery to the hosted users in question with NO spam filters applied by > them. As I say above - Sometimes internal users' mailboxes are possibly > compromised to be abused to send a lot of outbound junks. as Viktor wrote, that sounds like "design problem" with no direct relation to postfix > >>> If Microsoft cannot do this for you, find a better email hosting provider. >>> You're wasting time attacking the wrong problem. > > The decision will be made by higher level of managements, not me. Sometimes > the effort used to attack the wrong problem is not fairly wasting time. however decision was made ,it does not change tec facts, re-think your smtp design, i.e let exchange deliver out itself, use other antispam practice etc > > > Thanks, > > Carl > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Viktor Dukhovni > Sent: Tuesday, August 05, 2014 5:46 PM > To: [email protected] > Subject: Re: How to fetch From address from header via Postfix head_check? > > On Tue, Aug 05, 2014 at 09:28:24PM +0000, Xie, Wei wrote: > >>> What you're proposing is not viable, and seems to serve no purpose. >>> You should explain the problem you're trying to solve by adding >>> these, rather than the problems you're having doing so. >> >> When the message hits our outbound Postfix servers, on an MSA the "To:" >> address only list one recipient. We do not need consider multiple >> recipients. > > This rather severely limits the usability of your MSA. It cannot support > ordinary email sent to multiple recipients or Bcc'ed. Also you say this is > an MSA, and yet claim the mail is sent by external senders outside OSU. How > are these two statements compatible? Is this an MSA processing outbound mail > generated internally at OSU, or simply an outbound relay, forwarding mail > whose recipients are external to your email systems (possibly your users > hosted outside). > > Explain your system more clearly. > >> The problem is the nexthop - Microsoft antispam system due to their >> bugs is eating some outbound emails from non-osu.edu or >> non-ohio-state.edu senders to forwarding accounts. But their system >> does not eat the emails which are "Resent-From" from mailbox users >> ("Resent-From:" is appropriate when a user takes a message delivered >> to his mailbox (possibly long after initial delivery) and resends it >> to another user (typically not an original recipient). Our exchange >> engineers ask whether Postfix can add "Resent-From: >> <original to address>" for emails to forwarding accounts like mailbox >> accounts resent the emails to bypass Microsoft antispam system (this >> is one of all kinds attempts). > > Mail you've accepted (whether inbound or outbound) that is then forwarded to > Microsoft for a hosted mailbox SHOULD NOT be spam filtered by Microsoft. > That resposibility falls on your systems as the original systems that receive > the mail from the external sender. > > The systems you use to forward mail to Microsoft for your own hosted users, > MUST be whitelisted by Microsoft for delivery to the hosted users in > question, with NO spam filters applied by them. > > If Microsoft cannot do this for you, find a better email hosting provider. > You're wasting time attacking the wrong problem. > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
