STARTTLS only to send ?
Hello is it possible to setup one instance of postfix to 1 - use submission to let users send ( with STARTTLS ) 2 - receive emails with normal SMTP thank you
Re: STARTTLS only to send ?
On Fri, 28 Jun 2013 09:40:05 +0200 Frank Bonnet frank.bon...@esiee.fr wrote: is it possible to setup one instance of postfix to 1 - use submission to let users send ( with STARTTLS ) 2 - receive emails with normal SMTP Yes, that possible. I'm using it on production server.
Re: STARTTLS only to send ?
You have to setup two different services, on the port 25 without AUTH nor TLS and on submission port (587) with both AUTH and TLS. On Friday 28 June 2013 14:43:16 li...@kurawa.fidonet.or.id wrote: On Fri, 28 Jun 2013 09:40:05 +0200 Frank Bonnet frank.bon...@esiee.fr wrote: is it possible to setup one instance of postfix to 1 - use submission to let users send ( with STARTTLS ) 2 - receive emails with normal SMTP Yes, that possible. I'm using it on production server.
header_checks: distinguishing between incoming and outgoing mail?
Hi, I'm already using header_checks (regexp) to reject outgoing mails containing a specific string in the subject. (OK, usually incoming mails don't include this string in the subject). Now I wanted to reject incoming emails with forged From:-Header containing my own domain. So I attached a new regexp line in the existing header_cheks file in warning mode. But the result is that everything (in- and outbound mails)containing my domain in the From:-Header would be rejected. How can I apply this check to only incoming mails? I'm running postfix 2.7.1 on RHEL 5.6 Thanks for your help J.T.
Re: STARTTLS only to send ?
Frank Bonnet frank.bon...@esiee.fr wrote: Hello is it possible to setup one instance of postfix to 1 - use submission to let users send ( with STARTTLS ) 2 - receive emails with normal SMTP thank you A quick searche for Postfix multiple instabces will give you a number of sites with examples or solutions. Google can be your FRIEND. -- Roel Wagenaar, Linux-User #469851 with the Linux Counter; http://linuxcounter.net/ Antw.: Omdat het de volgorde verstoord waarin mensen tekst lezen. Vraag: Waarom is top-posting een slechte gewoonte? Antw.: Top-posting. Vraag: Wat is het meest ergerlijke in e-mail? Why be difficult, when with a bit of effort, you can be impossible?
Re: STARTTLS only to send ?
On 06/28/2013 01:33 PM, Roel Wagenaar wrote: Frank Bonnet frank.bon...@esiee.fr wrote: Hello is it possible to setup one instance of postfix to 1 - use submission to let users send ( with STARTTLS ) 2 - receive emails with normal SMTP thank you A quick searche for Postfix multiple instabces will give you a number of sites with examples or solutions. Google can be your FRIEND. ok it works fine , thanks to all that respond so quickly
Re: header_checks: distinguishing between incoming and outgoing mail?
Julio Talaverano: So I attached a new regexp line in the existing header_cheks file in warning mode. But the result is that everything (in- and outbound mails)containing my domain in the From:-Header would be rejected. How can I apply this check to only incoming mails? First, you would be rejecting your own postings to this mailing list. Second, header_checks is NOT a spam filter. Use a spamfilter instead. Wietse
amavisd+postfix lmtp
Hi group i have this message in tail -f /var/log/maillog bad transport type : lmtp_data_done_tiemeout=1200 I dont know where is problem /etc/postfix.master.cf # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == ... amavisfeed unix- - n- 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 Br Dejan
Re: amavisd+postfix lmtp
On Fri, Jun 28, 2013 at 03:04:29PM +0200, Dejan Doder wrote: Hi group i have this message in tail -f /var/log/maillog bad transport type : lmtp_data_done_tiemeout=1200 I dont know where is problem /etc/postfix.master.cf # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == ... amavisfeed unix- - n- 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 Br Dejan Hallo, is it possible that this has to be lmtp_data_done_timeout=1200s ? At least when reading http://www.postfix.org/postconf.5.html it appears like that to me. Nonsense? Cheers -- Michael P. Demelbauer Systemadministration WSR Arsenal, Objekt 20 1030 Wien --- Truly superior pilots are those who use their superior judgement to avoid those situations where they might have to use their superior skills. -- from yu...@googlegroups.com
Re: amavisd+postfix lmtp
No it is not that i tryed , something with lmtp is On Fri, Jun 28, 2013 at 3:22 PM, Michael P. Demelbauer michael.demelba...@wsr.ac.at wrote: On Fri, Jun 28, 2013 at 03:04:29PM +0200, Dejan Doder wrote: Hi group i have this message in tail -f /var/log/maillog bad transport type : lmtp_data_done_tiemeout=1200 I dont know where is problem /etc/postfix.master.cf # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == ... amavisfeed unix- - n- 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 Br Dejan Hallo, is it possible that this has to be lmtp_data_done_timeout=1200s ? At least when reading http://www.postfix.org/postconf.5.html it appears like that to me. Nonsense? Cheers -- Michael P. Demelbauer Systemadministration WSR Arsenal, Objekt 20 1030 Wien --- Truly superior pilots are those who use their superior judgement to avoid those situations where they might have to use their superior skills. -- from yu...@googlegroups.com
Re: amavisd+postfix lmtp
On Fri, Jun 28, 2013 at 03:22:58PM +0200, Michael P. Demelbauer wrote: On Fri, Jun 28, 2013 at 03:04:29PM +0200, Dejan Doder wrote: i have this message in tail -f /var/log/maillog bad transport type : lmtp_data_done_tiemeout=1200 Correct spelling DOES count here, _timeout? I dont know where is problem /etc/postfix.master.cf # == # service type private unpriv chroot wakeup maxproc command + args The transport type is the second field. # (yes) (yes) (yes) (never) (100) # == ... amavisfeed unix- - n- 2 lmtp -o lmtp_data_done_timeout=1200 This suggests that Postfix, when parsing master.cf, did not see the whitespace at the beginning of this line. Did you edit this in a Unix editor? I'd also suspect non-breaking spaces, which AFAIK are not going to be recognized as legitimate whitespace characters. -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 is it possible that this has to be lmtp_data_done_timeout=1200s ? At least when reading http://www.postfix.org/postconf.5.html it appears like that to me. Nonsense? The default time unit is s (seconds), so 1200 and 1200s are the same thing. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: amavisd+postfix lmtp
_timeout? it my fault in typing I edited this in vi editor.. On Fri, Jun 28, 2013 at 3:31 PM, /dev/rob0 r...@gmx.co.uk wrote: On Fri, Jun 28, 2013 at 03:22:58PM +0200, Michael P. Demelbauer wrote: On Fri, Jun 28, 2013 at 03:04:29PM +0200, Dejan Doder wrote: i have this message in tail -f /var/log/maillog bad transport type : lmtp_data_done_tiemeout=1200 Correct spelling DOES count here, _timeout? I dont know where is problem /etc/postfix.master.cf # == # service type private unpriv chroot wakeup maxproc command + args The transport type is the second field. # (yes) (yes) (yes) (never) (100) # == ... amavisfeed unix- - n- 2 lmtp -o lmtp_data_done_timeout=1200 This suggests that Postfix, when parsing master.cf, did not see the whitespace at the beginning of this line. Did you edit this in a Unix editor? I'd also suspect non-breaking spaces, which AFAIK are not going to be recognized as legitimate whitespace characters. -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 is it possible that this has to be lmtp_data_done_timeout=1200s ? At least when reading http://www.postfix.org/postconf.5.html it appears like that to me. Nonsense? The default time unit is s (seconds), so 1200 and 1200s are the same thing. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: amavisd+postfix lmtp
/dev/rob0 thank you you are right! I did not type space before -o On Fri, Jun 28, 2013 at 3:40 PM, Dejan Doder dode...@gmail.com wrote: _timeout? it my fault in typing I edited this in vi editor.. On Fri, Jun 28, 2013 at 3:31 PM, /dev/rob0 r...@gmx.co.uk wrote: On Fri, Jun 28, 2013 at 03:22:58PM +0200, Michael P. Demelbauer wrote: On Fri, Jun 28, 2013 at 03:04:29PM +0200, Dejan Doder wrote: i have this message in tail -f /var/log/maillog bad transport type : lmtp_data_done_tiemeout=1200 Correct spelling DOES count here, _timeout? I dont know where is problem /etc/postfix.master.cf # == # service type private unpriv chroot wakeup maxproc command + args The transport type is the second field. # (yes) (yes) (yes) (never) (100) # == ... amavisfeed unix- - n- 2 lmtp -o lmtp_data_done_timeout=1200 This suggests that Postfix, when parsing master.cf, did not see the whitespace at the beginning of this line. Did you edit this in a Unix editor? I'd also suspect non-breaking spaces, which AFAIK are not going to be recognized as legitimate whitespace characters. -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 is it possible that this has to be lmtp_data_done_timeout=1200s ? At least when reading http://www.postfix.org/postconf.5.html it appears like that to me. Nonsense? The default time unit is s (seconds), so 1200 and 1200s are the same thing. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: header_checks: distinguishing between incoming and outgoing mail?
Many thanks Wietse, does that also mean, it's not possible to distinguish? Julio --- On Fri, 6/28/13, Wietse Venema wie...@porcupine.org wrote: From: Wietse Venema wie...@porcupine.org Subject: Re: header_checks: distinguishing between incoming and outgoing mail? To: Postfix users postfix-users@postfix.org Date: Friday, June 28, 2013, 11:50 AM Julio Talaverano: So I attached a new regexp line in the existing header_cheks file in warning mode. But the result is that everything (in- and outbound mails)containing my domain in the From:-Header would be rejected. How can I apply this check to only incoming mails? First, you would be rejecting your own postings to this mailing list. Second, header_checks is NOT a spam filter. Use a spamfilter instead. Wietse
Re: STARTTLS only to send ?
On 06/28/2013 01:33 PM, Roel Wagenaar wrote: Frank Bonnet frank.bon...@esiee.fr wrote: Hello is it possible to setup one instance of postfix to 1 - use submission to let users send ( with STARTTLS ) 2 - receive emails with normal SMTP thank you A quick searche for Postfix multiple instabces will give you a number of sites with examples or solutions. Google can be your FRIEND. Except there is no need to set up multiple instances just to enable mail submission. Nor is it a good idea to use a random website for instructions. Many of them are wrong. -- J.
Re: STARTTLS only to send ?
On 28 Jun 2013, at 11:03 , Jeroen Geilman jer...@adaptr.nl wrote: Nor is it a good idea to use a random website for instructions. Many of them are wrong You know, that should be front and center in the readme files and the welcome to the list message. -- 'But you ain't part of it, are you?' said Granny conversationally. 'You try, but you always find yourself watchin' yourself watchin' people, eh? Never quite believin' anything? Thinkin' the wrong thoughts?'
Option to log clients that execute invalid commands or disconnect with no email delivery
I use fail2ban in order to block some types of apparently malicious connections to postfix when the clients keep retrying. For example the following fail2ban regexes match cases I currently block by parsing the maillog. reject: RCPT from (.*)\[HOST\]: 554 lost connection after AUTH from (.*)\[HOST\]\s*$ reject: RCPT from (.*)\[HOST\]: 550 5.7.1 Client host rejected: cannot find your reverse hostname NOQUEUE: reject: RCPT from (.*)\[HOST\]:\d+: 550 5.7.1 Service unavailable; client \[\d+\.\d+\.\d+\.\d+\] blocked using One type of connection which I cannot block in fail2ban are clients that try the AUTH command on port 25, where I have disabled it. I got 245 connections this morning in the space of 5 minutes and those are the ones that got through despite the connection concurrency limit being hit 277 times. I would prefer just to block them after that first 5 attempts or so. Only info I get is following emails to postmaster and connects and disconnects in the mail log. Transcript of session follows. Out: 220 mail.erba.tv ESMTP Postfix In: EHLO ATTACHE-SERVER Out: 250-mail.erba.tv Out: 250-PIPELINING Out: 250-SIZE 5000 Out: 250-ETRN Out: 250-STARTTLS Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250 DSN In: AUTH LOGIN Out: 503 5.5.1 Error: authentication not enabled Session aborted, reason: lost connection For other details, see the local mail logfile Logfile Jun 28 09:04:37 rosalia postfix/postscreen[10170]: CONNECT from [202.136.109.205]:54626 to [80.237.194.64]:25 Jun 28 09:04:43 rosalia postfix/postscreen[10170]: PASS NEW [202.136.109.205]:54626 Jun 28 09:04:43 rosalia postfix/smtpd[10175]: connect from 202-136-109-205.static.adam.com.au[202.136.109.205] Jun 28 09:04:47 rosalia postfix/smtpd[10175]: disconnect from 202-136-109-205.static.adam.com.au[202.136.109.205] etc Would it be possible to have an option to log errors. Clearly this is not appropriate for all cases, since it can DDOS the maillog, but if turned on only when used in conjunction with fail2ban that would actually reduce connection load. One idea would be to make it configurable so it lists invalid commands to log (like AUTH when it's not allowed), so it could not write arbitrary strings to the maillog. An alternative idea would be to log disconnects differently if there was no email delivery email. Jun 28 09:04:47 rosalia postfix/smtpd[10175]: disconnect from 202-136-109-205.static.adam.com.au[202.136.109.205] without mail John
Re: header_checks: distinguishing between incoming and outgoing mail?
Julio Talaverano: Many thanks Wietse, does that also mean, it's not possible to distinguish? header_checks matches header lines. No more, no less. It is not a spam filter, therefore it does not need to be aware of direction, sender, recipient and so on. Wietse
Re: Option to log clients that execute invalid commands or disconnect with no email delivery
John Fawcett: I use fail2ban in order to block some types of apparently malicious connections to postfix when the clients keep retrying. For example the As you agree logging every failed command would not be safe by default. On the other hand, logging the command name (even without) parameters for every [45]XX response could be tricky. Adding IF statements all over the code is undesirable, so this would require a structural change to the command reader and responder. What about a one-line change, such that the SMTP server logs the existing per-session error counter when the connection is closed? This counter is reset upon successful completion of a (MAIL, RCPT, DATA, end-of-data) sequence. This should be sufficient to expose clients that hammer your server with unimplemented AUTH commands. Wietse
PATCH: Option to log clients that execute invalid commands or disconnect with no email delivery
Wietse Venema: John Fawcett: I use fail2ban in order to block some types of apparently malicious connections to postfix when the clients keep retrying. For example the As you agree logging every failed command would not be safe by default. On the other hand, logging the command name (even without) parameters for every [45]XX response could be tricky. Adding IF statements all over the code is undesirable, so this would require a structural change to the command reader and responder. What about a one-line change, such that the SMTP server logs the existing per-session error counter when the connection is closed? This counter is reset upon successful completion of a (MAIL, RCPT, DATA, end-of-data) sequence. This should be sufficient to expose clients that hammer your server with unimplemented AUTH commands. Example: Jun 28 16:27:25 spike postfix/smtpd[65532]: disconnect from camomile.cloud9.net[2604:8d00:0:1::3] error_count 0 As per the patch below for any Postfix version ever released. Wietse *** ./src/smtpd/smtpd.c-Sun Jun 23 11:10:02 2013 --- ./src/smtpd/smtpd.c Fri Jun 28 16:26:41 2013 *** *** 4989,4995 * After the client has gone away, clean up whatever we have set up at * connection time. */ ! msg_info(disconnect from %s, state.namaddr); smtpd_state_reset(state); debug_peer_restore(); } --- 4989,4996 * After the client has gone away, clean up whatever we have set up at * connection time. */ ! msg_info(disconnect from %s error_count %d, !state.namaddr, state.error_count); smtpd_state_reset(state); debug_peer_restore(); }
Re: PATCH: Option to log clients that execute invalid commands or disconnect with no email delivery
On 28/06/13 22:30, Wietse Venema wrote: Wietse Venema: John Fawcett: I use fail2ban in order to block some types of apparently malicious connections to postfix when the clients keep retrying. For example the As you agree logging every failed command would not be safe by default. On the other hand, logging the command name (even without) parameters for every [45]XX response could be tricky. Adding IF statements all over the code is undesirable, so this would require a structural change to the command reader and responder. What about a one-line change, such that the SMTP server logs the existing per-session error counter when the connection is closed? This counter is reset upon successful completion of a (MAIL, RCPT, DATA, end-of-data) sequence. This should be sufficient to expose clients that hammer your server with unimplemented AUTH commands. Example: Jun 28 16:27:25 spike postfix/smtpd[65532]: disconnect from camomile.cloud9.net[2604:8d00:0:1::3] error_count 0 As per the patch below for any Postfix version ever released. Wietse *** ./src/smtpd/smtpd.c- Sun Jun 23 11:10:02 2013 --- ./src/smtpd/smtpd.c Fri Jun 28 16:26:41 2013 *** *** 4989,4995 * After the client has gone away, clean up whatever we have set up at * connection time. */ ! msg_info(disconnect from %s, state.namaddr); smtpd_state_reset(state); debug_peer_restore(); } --- 4989,4996 * After the client has gone away, clean up whatever we have set up at * connection time. */ ! msg_info(disconnect from %s error_count %d, ! state.namaddr, state.error_count); smtpd_state_reset(state); debug_peer_restore(); } Thanks Wietse That looks like it will do it.
postfix rejecting valid mail server
var/log/mail.log:Jun 28 18:25:43 rt-dq postfix/smtpd[4931]: NOQUEUE: reject: RCPT from unknown[209.85.219.66]: 450 4.7.1 Client host rejected: cannot find your hostname, [209.85.219.66]; from=tess...@gmail.com to= nti-ad...@quimica.ufpb.br proto=ESMTP helo=mail-oa0-f66.google.com Then, at this exactly mail server machine: # nslookup 209.85.219.66 Server: x.x.x.x Address:x.x.x.x#53 Non-authoritative answer: 66.219.85.209.in-addr.arpa name = mail-oa0-f66.google.com. Authoritative answers can be found from: 219.85.209.in-addr.arpa nameserver = ns1.google.com. 219.85.209.in-addr.arpa nameserver = ns3.google.com. 219.85.209.in-addr.arpa nameserver = ns2.google.com. 219.85.209.in-addr.arpa nameserver = ns4.google.com. ns1.google.com internet address = 216.239.32.10 So, postfix is complaining that cannot find your hostname, but the reverse DNS is working just fine. Any clue!?
Re: postfix rejecting valid mail server
T?ssio Fechine: var/log/mail.log:Jun 28 18:25:43 rt-dq postfix/smtpd[4931]: NOQUEUE: reject: RCPT from unknown[209.85.219.66]: 450 4.7.1 Client host rejected: cannot find your hostname, [209.85.219.66]; from=tess...@gmail.com to= nti-ad...@quimica.ufpb.br proto=ESMTP helo=mail-oa0-f66.google.com If you don't like that don't use reject_unknown_client_hostname. 66.219.85.209.in-addr.arpa domain name pointer mail-oa0-f66.google.com. mail-oa0-f66.google.com has address 209.85.219.66 Looks like you are using a bad DNS server. Wietse
Re: postfix rejecting valid mail server
I use reject_unknown_client_hostname at many email servers. Only this one is having a problem. Why DNS is bad if nslookup works fine? 2013/6/28 Wietse Venema wie...@porcupine.org T?ssio Fechine: var/log/mail.log:Jun 28 18:25:43 rt-dq postfix/smtpd[4931]: NOQUEUE: reject: RCPT from unknown[209.85.219.66]: 450 4.7.1 Client host rejected: cannot find your hostname, [209.85.219.66]; from=tess...@gmail.com to= nti-ad...@quimica.ufpb.br proto=ESMTP helo=mail-oa0-f66.google.com If you don't like that don't use reject_unknown_client_hostname. 66.219.85.209.in-addr.arpa domain name pointer mail-oa0-f66.google.com . mail-oa0-f66.google.com has address 209.85.219.66 Looks like you are using a bad DNS server. Wietse
Re: PATCH: Option to log clients that execute invalid commands or disconnect with no email delivery
On 28/06/13 23:33, John Fawcett wrote: On 28/06/13 22:30, Wietse Venema wrote: Wietse Venema: John Fawcett: I use fail2ban in order to block some types of apparently malicious connections to postfix when the clients keep retrying. For example the As you agree logging every failed command would not be safe by default. On the other hand, logging the command name (even without) parameters for every [45]XX response could be tricky. Adding IF statements all over the code is undesirable, so this would require a structural change to the command reader and responder. What about a one-line change, such that the SMTP server logs the existing per-session error counter when the connection is closed? This counter is reset upon successful completion of a (MAIL, RCPT, DATA, end-of-data) sequence. This should be sufficient to expose clients that hammer your server with unimplemented AUTH commands. Example: Jun 28 16:27:25 spike postfix/smtpd[65532]: disconnect from camomile.cloud9.net[2604:8d00:0:1::3] error_count 0 As per the patch below for any Postfix version ever released. Wietse *** ./src/smtpd/smtpd.c- Sun Jun 23 11:10:02 2013 --- ./src/smtpd/smtpd.c Fri Jun 28 16:26:41 2013 *** *** 4989,4995 * After the client has gone away, clean up whatever we have set up at * connection time. */ ! msg_info(disconnect from %s, state.namaddr); smtpd_state_reset(state); debug_peer_restore(); } --- 4989,4996 * After the client has gone away, clean up whatever we have set up at * connection time. */ ! msg_info(disconnect from %s error_count %d, ! state.namaddr, state.error_count); smtpd_state_reset(state); debug_peer_restore(); } Thanks Wietse That looks like it will do it. I did some testing on this. For the record I added the following regex in fail2ban: disconnect from (.*)\[HOST\] error_count [^0] Postfix is logging the errors and fail2ban is firing. I have to admit my own error though. While I was checking this I found some log lines further down which I had overlooked before. Jun 28 09:04:52 rosalia postfix/smtpd[10175]: lost connection after AUTH from 202-136-109-205.static.adam.com.au[202.136.109.205] So seems the attack came in two different stages, one where there were just connects and disconnects and then another where there were connects AUTH and disconencts. I mismatched the evidence from the two stages. Sorry. The lost connection after AUTH would have been more than adequate to do the blocking in the case of disallowed AUTH commands. Actually now I have to find why fail2ban didn't pick them up, but that's OT. Thanks John
Modify subject based on recipient
Does anyone know of a tool that will let me modify the subject line of all emails that pass through it? I would call it via a transport map. My application - we just switched to a new email-to-fax service. As part of their security implementation (THEIRS, not mine!) they require all emails sent to them to contain our own fax number. I want to automate this step so I don't have to hear from my users. -- Daniel
Re: postfix rejecting valid mail server
T?ssio Fechine: var/log/mail.log:Jun 28 18:25:43 rt-dq postfix/smtpd[4931]: NOQUEUE: reject: RCPT from unknown[209.85.219.66]: 450 4.7.1 Client host rejected: cannot find your hostname, [209.85.219.66]; from=tess...@gmail.com to=nti-ad...@quimica.ufpb.br proto=ESMTP helo=mail-oa0-f66.google.com Wietse: If you don't like that don't use reject_unknown_client_hostname. 66.219.85.209.in-addr.arpa domain name pointer mail-oa0-f66.google.com . mail-oa0-f66.google.com has address 209.85.219.66 Looks like you are using a bad DNS server. T?ssio Fechine: I use reject_unknown_client_hostname at many email servers. Only this one is having a problem. Why DNS is bad if nslookup works fine? Because YOU are asking as ROOT and Postfix does not? Wietse
Re: Modify subject based on recipient
On 6/28/2013 5:39 PM, Daniel L. Miller wrote: Does anyone know of a tool that will let me modify the subject line of all emails that pass through it? I would call it via a transport map. My application - we just switched to a new email-to-fax service. As part of their security implementation (THEIRS, not mine!) they require all emails sent to them to contain our own fax number. I want to automate this step so I don't have to hear from my users. http://www.postfix.org/postconf.5.html#smtp_header_checks Add this to master.cf something like this: (or if you already use a custom master.cf transport, add the -o override to that entry) # master.cf # fax_service is a copy of the smtp...smtp transport fax_service ... smtp -o smtp_header_checks=pcre:/etc/postfix/smtp_fax_header # smtp_fax_header /^Subject: / REPLACE Subject: fax from 555-1212 -- Noel Jones