From: Michael Orlitzky
Date: Tue, 04 Sep 2012 10:14:47 -0400
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Disclaimer to forwarded mails to external domain?
Message-ID: <50460CD7.5080501@orlitzky.com>

On 09/03/2012 05:07 PM, Vinícius Ferrão wrote:
>>
>> Is this so that people won't mark those messages as spam (thus pinning
>> the blame on your mail server)?
>>
>> If so, let me assure you that it will be ignored. I've even called some
>> of our customers with forwarded addresses on the phone and personally
>> asked them to stop marking stuff as spam. They still ignore me.
>
> Actually we have users that automatically redirect messages to their
> personal accounts. And this behaviour is not 100% approved by the
> university. So I want to put a disclaimer in those people, as
> example: john@university.com redirects to john@gmail.com. I want to
> put a disclaimer in *ALL* messages redirected to external domains.
>

OK disregard my cynicism then =)

>>
>>> The tricky part is how to detect which messages are automatically
>>> forwarded to an external domain.
>>
>> If this is a filtering gateway, I'm guessing all of your recipients are
>> listed in relay_recipient_maps? If so, you should be able to override
>> the default_transport (which defaults to smtp:).
>>
>> For example, you could set up a disclaimer-only instance of amavis on
>> port 10029, and then set the default_transport to
>> smtp:[localhost]:10029. I would beware of unintended consequences,
>> though. You're liable to stick a disclaimer on some things by accident.
>
> There's no recipient check in my mail filtering gateway. I leave this
> job to my final destination. It's not easy to get the final destination
> since we have some different end destination servers and a separate
> mailman server.

Although it isn't related to your current problem, you really must check
recipient validity at receipt time. Otherwise, you're a backscatter
source.

If I send spam to you (To: user@invalid) claiming to be from
user@example.com, you'll accept it, because you aren't validating the
recipient. When you try to send it to its final destination, it will
reject it, because user@invalid doesn't live there.

Now, you're stuck with the message, and your filtering server will try
to return it to the sender. But the sender was forged! So you wind up
returning my spam to user@example.com.

If it's not possible to get a list of valid recipients, you can fall
back to address verification:

  http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Basically, postfix will put the sender on hold, contact the destination
server in the background, check that the recipient is valid, and relay
the answer to the sender.

> I can't really understand your example: in this situation everything
> will be "disclaimed"; and I just want to modify messages to people that
> receive their corporate emails in their personal account.

It depends on how you're set up. There are two transports that are
basically the same[1]: 'relay' and 'smtp'. If your domains are listed in
relay_domains, mail to them will be relayed to the destination via the
'relay' transport.

The idea was, if all of your domains are listed in relay_domains, then
any mail using the default_transport='smtp' instead of 'relay' must be
going off-site. The only stuff going off-site should be mail that's
being forwarded to external domains.

Unfortunately, unless you validate your recipients, you'll be bouncing
messages, and those go off-site too so the reasoning doesn't hold.

The first thing I would do is fix your recipient validation. Once that's
done, it's probably safe to add the disclaimer to the 'smtp' transport.
I would also ask on the postfix-users list -- there are people there who
know a lot more than I do and might be able to point out a reason why it
wouldn't work. But the first thing they would tell you to do is fix the
recipient validation, so you might as well get that out of the way!

[1] http://www.postfix.org/ADDRESS_CLASS_README.html
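
The order of operations described in this message, as a main.cf fragment. This is an added example, not part of the original message and not either poster's configuration. The domain example.edu is a placeholder; port 10029 is the disclaimer-only filter port mentioned in the quoted text, and how that filter hands mail onward is an assumption noted in the comments.

```conf
# /etc/postfix/main.cf on the filtering gateway (constructed example)

# Domains the gateway accepts and hands to the internal servers.
# Mail for these leaves via the 'relay' transport.
# example.edu is a placeholder.
relay_domains = example.edu

# Step 1: stop being a backscatter source.
# No recipient list is available on the gateway, so fall back to address
# verification: Postfix probes the destination server during RCPT TO and
# refuses unknown recipients before the message is ever accepted.
address_verify_map = btree:$data_directory/verify_cache

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# The default for a failed probe is a 450 deferral; make it a permanent
# rejection so the sending server gives up immediately.
unverified_recipient_reject_code = 550

# Step 2: only after step 1 is in place.
# With no bounces for invalid recipients, mail that is not for
# relay_domains uses default_transport, so send it through the
# disclaimer-only filter on port 10029.
#
# Assumption: the filter delivers the stamped message itself, or
# re-injects it into a separate Postfix instance whose default_transport
# is plain 'smtp'. Re-injecting into this same instance would route the
# message to port 10029 again and loop.
default_transport = smtp:[localhost]:10029
```

Legitimate bounces and other gateway-generated mail to outside senders also use default_transport, so they pass through the same filter.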