Le 07/07/2021 à 15:41, Emmanuel Fusté a écrit :
Le 07/07/2021 à 15:36, Emmanuel Fusté a écrit :
Le 07/07/2021 à 15:26, Wietse Venema a écrit :
Emmanuel Fust?:
Le 07/07/2021 ? 15:06, Wietse Venema a ?crit?:
Viktor Dukhovni:
On Tue, Jul 06, 2021 at 12:56:50PM +0200, Xavier Beaudouin wrote:
I currently have an appliance that misuse the null sender (mail
from:<>) to send mail.
Unfortunatly, this appliance is closed source
and we can only setup : fixed ip address and recipient address
on GUI
(nothing else, even if I try to h4x0r the configuration file).
Is there any good advice I can have to make the internal relay
server
which is postfix based to rewrite the null sender to something
cleaner... but ONLY for the device that use postfix as internal
relay
server?
This requires a content filter or milter, that replaces the envelope
sender address for messages from the client IP address in question.
There is no built-in feature that performs sender address rewrites
conditional on the client IP address.
The milter should be easy to implement.
There is another option:
1 - Configure a Postfix smtpd process on an additional IP addresss
or TCP port that only this client will connect to.
2 - Configure that smtpd process with an smtpd_command_filter that
replaces "MAIL FROM:<>" with the preferred address.
# Listen on port 1234
/etc/postfix/master.cf:
1234 inet .. .. .. .. .. smtpd
-o {smtpd_command_filter = pcre:/etc/postfix/command_filter}
# Listen on IP address 1.2.3.4
/etc/postfix/master.cf:
1.2.3.4:smtp inet .. .. .. .. .. smtpd
-o {smtpd_command_filter = pcre:/etc/postfix/command_filter}
/etc/postfix/command_filter:
/^(MAIL FROM:)\s*<>/ MAIL FROM:<u...@example.com>
Wietse
And use a client_access map in smtpd_client_restriction
check_client_access with a filter action and you will transparently
get
the intended behavior without specific client configuration.
NO FILTER is needed for the stated purpose: replace
the null sender address.
Sorry, I did not explain properly :
1 - Configure a Postfix smtpd process on an additional
TCP port.
2 - Configure that smtpd process with an smtpd_command_filter that
replaces "MAIL FROM:<>" with the preferred address.
# Listen on port 1234 on localhost
/etc/postfix/master.cf:
127.0.0.1:1234 inet .. .. .. .. .. smtpd
-o {smtpd_command_filter = pcre:/etc/postfix/command_filter}
/etc/postfix/command_filter:
/^(MAIL FROM:)\s*<>/ MAIL FROM:<u...@example.com>
3 - Use this smtpd process as a filter for clients coming from IP
address w.x.y.z
/etc/postfix/main.cf:
smtpd_client_restriction= check_client_access
/etc/postfix/client_acess, .....
/etc/postfix/client_acess:
w.x.y.z FILTER localhost:1234
And you get "null sender address rewrites conditional on the client
IP address"
arghh no, sorry, smtp client must be added in between.
A little more complex....
1 - Configure a Postfix smtpd process on an additional
TCP port.
2 - Configure that smtpd process with an smtpd_command_filter that
replaces "MAIL FROM:<>" with the preferred address.
# Listen on port 1234 on localhost
/etc/postfix/master.cf:
127.0.0.1:1234 inet .. .. .. .. .. smtpd
-o {smtpd_command_filter = pcre:/etc/postfix/command_filter}
/etc/postfix/command_filter:
/^(MAIL FROM:)\s*<>/ MAIL FROM:<u...@example.com>
3 - Use this smtpd process as a filter for clients coming from IP
address w.x.y.z
/etc/postfix/main.cf:
smtpd_client_restriction= check_client_access
/etc/postfix/client_acess, .....
/etc/postfix/client_acess:
w.x.y.z FILTER smtp:[127.0.0.1]:1234
With that, no need to change the w.x.y.z client configuration and you
get "null sender address rewrites conditional on the client IP address"
But yes, totally useless if you change the client configuration to point
to the new listener directly.
Emmanuel.
