[pfx] Re: A functional lightweight reverse alias?

2024-03-02 Thread Wietse Venema via Postfix-users 
Wietse Venema via Postfix-users:
> Gerben Wierda via Postfix-users:
> > Aliases are nice, to receive mail. But when you reply, the address behind 
> > the alias is exposed.
> > 
> > To prevent that I need to create full mailboxes, which requires a lot of 
> > administration  in dovecot, postfix.
> > 
> > Suppose
> > - I am m...@mydomain.tld
> > - At evilcompany.com they know be by my alias meatevilcomp...@mydomain.tld
> > - I am mailing with marketingt...@evilcompany.com
> > 
> > Is there a way to create a lightweight 'reverse alias' for a specific 
> > target. E.g., suppose my alias is
> > 
> > meatevilcompany:me
> > 
> > then have a mail from m...@mydomain.tld to marketingt...@evilcompany.com 
> > turn into a reply from meatevilcomp...@mydomain.tld to 
> > marketingt...@evilcompany.com, but only for marketingt...@evilcompany.com 
> > or for @evilcompany.com?
> 
> This sounds like a job for one of:
> 
> - A "real" DBMS with a custom queries for forward and reverse
>   aliases/canonical mappings.
> 
> - Custom automation that generates Postfix indexed files with forward
>   and reverse aliases/canonical mappings.
> 
> - A smart mail client with custom rules.

By the way, Postfix sender rewrites are independent from recipient,
so the first two options won't work.

I can add a fourth option, though.

- Custom Milter that rewrites sender envelopes and headers depending
  on the recipient context. Milters can be implemented in many languages.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: A functional lightweight reverse alias?

2024-03-02 Thread Wietse Venema via Postfix-users 
Gerben Wierda via Postfix-users:
> Aliases are nice, to receive mail. But when you reply, the address behind the 
> alias is exposed.
> 
> To prevent that I need to create full mailboxes, which requires a lot of 
> administration  in dovecot, postfix.
> 
> Suppose
> - I am m...@mydomain.tld
> - At evilcompany.com they know be by my alias meatevilcomp...@mydomain.tld
> - I am mailing with marketingt...@evilcompany.com
> 
> Is there a way to create a lightweight 'reverse alias' for a specific target. 
> E.g., suppose my alias is
> 
> meatevilcompany:  me
> 
> then have a mail from m...@mydomain.tld to marketingt...@evilcompany.com turn 
> into a reply from meatevilcomp...@mydomain.tld to 
> marketingt...@evilcompany.com, but only for marketingt...@evilcompany.com or 
> for @evilcompany.com?

This sounds like a job for one of:

- A "real" DBMS with a custom queries for forward and reverse
  aliases/canonical mappings.

- Custom automation that generates Postfix indexed files with forward
  and reverse aliases/canonical mappings.

- A smart mail client with custom rules.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Resolve sender domains in file before resorting to database

2024-03-02 Thread Viktor Dukhovni via Postfix-users 
On Wed, Feb 28, 2024 at 12:17:27PM -0600, Joshua Flanagan via Postfix-users 
wrote:

> Anyone else have suggestions on how to make sure postfix queries a file
> table _by domain_ while still having a remote database lookup table as a
> backup/last resort?

To restrict database lookups to a subset of domains use the "domain = "
table property.  IIRC you may be able to negate the condition to exclude
all but a given set of domains, or do that with 'if !/pattern/' in regex
tables.

domain = !hash:/some/table
domain = !inline:{ {example.org = skip}, ... }
domain = pcre:{
{ if !/^example\.org$/ },
{ /^/ use },
{ endif }
}

-- 
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Configuration Settings for TLS 1.2 and 1.3 with No Weak Ciphers

2024-03-02 Thread Viktor Dukhovni via Postfix-users 
On Fri, Mar 01, 2024 at 08:58:07AM +0100, Alexander Leidinger wrote:

> > > tls_high_cipherlist=ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384;
> > 
> > Not recommended. It disables all non-AEAD ciphers, and aNULL ciphers,
> > which are fine to use.
> 
> From the OpenSSL man page:
> ---snip---
> aNULL
> The cipher suites offering no authentication. This is currently the
> anonymous DH algorithms and anonymous ECDH algorithms. These cipher suites
> are vulnerable to "man in the middle" attacks and so their use is
> discouraged. These are excluded from the DEFAULT ciphers, but included in
> the ALL ciphers. Be careful when building cipherlists out of lower-level
> primitives such as kDHE or AES as these do overlap with the aNULL ciphers.
> When in doubt, include !aNULL in your cipherlist.
> ---snip---

That OpenSSL manpage is not aimed at opportunistic TLS, so is a poor fit
for SMTP STARTTLS.  The Postfix TLS_README and postconf(5) manpage are
more fit for purpose.

-- 
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] A functional lightweight reverse alias?

2024-03-02 Thread Gerben Wierda via Postfix-users 
Aliases are nice, to receive mail. But when you reply, the address behind the 
alias is exposed.

To prevent that I need to create full mailboxes, which requires a lot of 
administration  in dovecot, postfix.

Suppose
- I am m...@mydomain.tld
- At evilcompany.com they know be by my alias meatevilcomp...@mydomain.tld
- I am mailing with marketingt...@evilcompany.com

Is there a way to create a lightweight 'reverse alias' for a specific target. 
E.g., suppose my alias is

meatevilcompany:me

then have a mail from m...@mydomain.tld to marketingt...@evilcompany.com turn 
into a reply from meatevilcomp...@mydomain.tld to 
marketingt...@evilcompany.com, but only for marketingt...@evilcompany.com or 
for @evilcompany.com?

Thx,

Gerben Wierda (LinkedIn , Mastodon 
)
R&A IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 
YouTube Channel 
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org