--On Wednesday, February 25, 2015 4:17 PM -0500 Wietse Venema
<wie...@porcupine.org> wrote:
Quanah Gibson-Mount:
We're looking to implement SRS support along the lines of
<https://www.mind-it.info/forward-postfix-spf-srs/>. The primary issue
I see when looking at this is we already have sender_canonical_maps set
to do an ldap lookup for supporting alias domains:
...
So I'm not sure how to get this lookup to succeed AND have it then go
through SRS.
I was about to suggest:
sender_canonical_maps = pipemap{
proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
tcp:127.0.0.1:10001
}
(note: the "}" must be indented).
This will produce output only when both tables in the pipemap
produce a result (addresses that are mapped with LDAP then SRS).
Otherwise it produces no result.
Is that what you need, or are both mappings optional, as in: you
map some recipients only with LDAP, some recipients with both LDAP
and SRS, and some recipients only with SRS?
The general issue is when someone sets up forwarding within Zimbra:
Imagine al...@example.com e-mails b...@zimbra.com, but bob has set up e-mail
forwarding to char...@bbc.com
al...@example.com -> b...@zimbra.com -> char...@bbc.com
At the mx.zimbra.com mail server, the SPF record for example.com is
checked, and passes: mx.example.com is a permitted sender. Everything is
okay.
But then... the e-mail is forwarded outside, to mx.bbc.com. Because the
envelope from address is not modified, mx.bbc.com will reject the e-mail
because the SPF record tells it to: mx.zimbra.com is not permitted to send
e-mail from example.com.
note that b...@zimbra.com could be an alias domain (thus the need for the
ldap lookup as well).
I assume the above pipemap is a postfix 3.0 and later only ability?
Thanks!
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
