On 7/30/2018 8:19 AM, Scappatura Rocco wrote: > > >> -----Messaggio originale----- >> Da: owner-postfix-us...@postfix.org [mailto:owner-postfix- >> us...@postfix.org] Per conto di Wietse Venema >> Inviato: lunedì 30 luglio 2018 15:06 >> A: Postfix users <postfix-users@postfix.org> >> Oggetto: Re: Rewrite header From: >> >> Scappatura Rocco: >>> Hello. >>> >>> My mail server received unsollecited emails with header From: similar to >> 'Heidi <info>'. >>> >>> Users perceive that email comes from our company as the header From: >> has been rewrite in 'Heidi <i...@host.domain.tld>'. >>> >>> Infact: >>> >>> myorigin = $mydomain >>> mydomain = host.domain.tld >>> >>> and >>> >>> append_at_myorigin = yes >>> local_header_rewrite_clients = permit_inet_interfaces >>> >>> Is there a way to block incoming e-mails whose 'Header From:' does not >> specify valid email address? >>> >> >> Perhaps the following will do the job: >> >> /etc/postfix/main.cf: >> remote_header_rewrite_domain = domain.invalid >> >> but it may have no effect on an smtpd_proy_filter based content filter. > > Thanks Wietse > > My configuration does not use smtpd_proxy_filter at all. > > So I think I can set: > > remote_header_rewrite_domain = domain.invalid > > or it could be better to set: > > remote_header_rewrite_domain =
Setting "remote_header_rewrite_domain = domain.invalid" prevents other software from rewriting the header once it leaves postfix, and should make it clear that the domain is invalid even to unsophisticated users. Some users may confuse a missing domain as meaning @local. > > What is the difference simply explained? > > And, if I have well understood, it could be also a solution for my issue also > to set: > > local_header_rewrite_clients = permit_mynetworks > > So that local generate emails will have header From: correctly rewritten, > while email coming from outside will not have header From: rewritten.. > > Correct? Setting "local_header_rewrite_clients=permit_mynetworks" is the default. Note that if mail enters postfix multiple times, such as after a content_filter or some other external process such as a spam filter, the second trip through postfix will be from $mynetworks, causing empty domains to be rewritten to the local domain. That's another good reason to use "remote_header_rewrite_domain = domain.invalid". -- Noel Jones