From: Bennett Todd (betrahul.net)
Date: Mon Jun 03 2002 - 08:50:52 CDT

    I hacked up such a thing in Postfix once.

    Postfix itself has no native support for doing any routing based on
    source info; neither source interface, nor source IP address, nor
    source envelope data (MAIL FROM: in the SMTP dialogue), nor From:
    header.

    I got a requirement to do this (along with a noisome collection of
    other hard requirements). To meet the needs I was already doing
    content filtering. I actually (for other reasons, different policies
    required based on different incoming interfaces) ran multiple
    postfix installs, but the exact same trick would have worked using
    Postfix's content-filtering hook with an SMTP proxy. What I did for
    source-based routing was to conditionally rewrite the RCPT TO,
    depending on what I'd seen in the MAIL FROM. If the MAIL FROM
    matched a short list of addrs I wanted to handle bizarrely, I
    rewrote the RCPT TO into XXXXXX@other.domain, where XXXXXX was the
    base64 encoding of the original RCPT TO, and other.domain was a
    special reserved domain (from RFC 2606[1]). Then I used a transport
    table entry for that domain to route to a pipe transport, with a
    script that did the special funky weirdness I needed.

    Since what you fundamentally require is to have Postfix send using a
    different routing depending on sender addr, you'd need two postfix
    installs, one configured with each destination routing; you'd always
    inject into one by default, and the content filtering proxy could
    redirect into a pipe transport that then undid the thagomizing of
    the RCPT TO, and forwarded it on to the other postfix install for
    delivery.

    I used this trick rather than actually having the proxy do the full
    handling, because I found it easier to avoid any variations in the
    SMTP proxy dialogue; this was a thin proxy, it actually didn't talk
    the SMTP protocol itself at all, it just passed it back and forth
    between the Postfix smtp and smtpd, and sometimes modified things in
    passing.

    This trick is applicable only if the proportion (or absolute
    volume) of messages that need this diverting is very small; the
    handling of such a message is enormously more expensive than the
    normal flow. It's satisfactory for exceptions, it's not satisfactory
    for large volume email handling.

    -Bennett

    [1] <URL:http://www.ietf.org/rfc/rfc2606.txt>
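
The RCPT TO rewrite described in the message above, sketched as an added example; it is not part of the original post and is not the author's code. The diversion domain, the sender list, and all function and class names are assumptions, and lines are handled with the trailing CRLF already stripped.

```python
import base64
import binascii
import re

# Assumed values, not from the original post (it does not name its domain).
DIVERT_DOMAIN = "divert.example"          # .example is reserved by RFC 2606
SPECIAL_SENDERS = {"batch@corp.example"}  # constructed sender list
_CMD = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^<>\s]*)>(.*)$", re.I)
_ADDR = re.compile(r"^[^@\s<>]+@[^@\s<>]+$")

def encode_rcpt(addr):
    """Proxy side: wrap the original recipient as base64@DIVERT_DOMAIN."""
    local = base64.b64encode(addr.encode("utf-8")).decode("ascii")
    if len(local) > 64:  # RFC 5321 limit on the local part
        raise ValueError("encoded recipient exceeds 64 octets")
    return f"{local}@{DIVERT_DOMAIN}"

def decode_rcpt(addr):
    """Pipe-transport side: recover the original recipient, strictly."""
    local, _, domain = addr.rpartition("@")
    if domain.lower() != DIVERT_DOMAIN:
        raise ValueError("not a diverted recipient")
    try:
        orig = base64.b64decode(local, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("local part is not valid base64") from exc
    if not _ADDR.match(orig):
        raise ValueError("decoded value is not an address")
    return orig

class ThinProxy:
    """Passes client lines through, rewriting RCPT TO for listed senders."""
    def __init__(self):
        self.divert = False

    def client_line(self, line):
        # 'line' is one client command without its trailing CRLF.
        m = _CMD.match(line)
        if m is None:
            if line.strip().upper() == "RSET":
                self.divert = False  # transaction aborted
            return line
        verb, addr, rest = m.group(1).upper(), m.group(2), m.group(3)
        if verb == "MAIL FROM":  # each MAIL FROM starts a new transaction
            self.divert = addr.lower() in SPECIAL_SENDERS
            return line
        if self.divert:
            return f"RCPT TO:<{encode_rcpt(addr)}>{rest}"
        return line
```

The decoder validates strictly because the pipe script receives whatever arrives at the diversion domain, not only recipients the proxy rewrote.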
