OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
another x-original-to question...

From: Zivago Lee (zziff.net)
Date: Tue Aug 28 2007 - 03:06:25 CDT


Hello All,

I have another x-original-to question. I've been searching thru this
and the amavisd-new list but I just wanted to make sure there was no
other way around on this...

Premise:
1. This server uses unix accounts as their mailboxes
2. This server uses virtual aliases for their unix accounts
3. This server has it setup to do alias rewriting *before* the content
filter (amavisd-new)

Reasons for #3:

1. White/Blacklist functionality with the local unix accounts
2. MailZu login with imap (local unix accounts)
3. amavisnewsql squirrelmail plugin with imap (local unix accoutns)

All email users on this server logs in with their unix accounts. They
also login to webmail (Squirrelmail).

Notes:
If I set the address rewrite to happen *after* the content filter, the
aliases for those unix accounts (unless the alias is specifically
specified), none of the user specific filters (W/B list, specific user
settings) will be recognized.

Example:

unix account: foo
virtual domains: domain.com, anotherdomain.com
aliases: foodomain.com, bardomain.com, blahanotherdomain.com

The user logs in with imap and webmail with user foo. Amavisnewsql's
and MailZu's default domain is domain.com.

#1

If any email that comes in for foodomain.com, any specific W/B lists
will be processed correctly since that is what is setup for amavisnewsql
(Email column in users table). It will also properly quarantine emails
properly depending on the user prefs as well.

#2

If any email that comes in for bardomain.com (or
blahanotherdomain.com), the W/B lists will be ignored since there is
user specific settings for these email addresses. They will all go thru
the default system filters setup in amavisd-new (no user prefs).

Now, I set it to do address rewriting *before* the content filter:

#3

If any email that comes in for foodomain.com, bardomain.com, or
blahanotherdomain.com, since the address rewriting happens before the
content filters, they all rewrite to foodomain.com. This makes sure
that all email coming in that is aliased to foodomain.com will all hit
the correct prefs setup by the user foo.

However, this also rewrites the X-Original-To header. So, I was
wondering, if there was a way to do #3, but also keep the original
header. Here is a clip of a logfile of #3:

--
Aug 27 16:23:21 www postfix/smtpd[26702]: NOQUEUE: filter: RCPT from
cpe-76-170-237-134.socal.res.rr.com[76.170.237.134]: <bardomain.com>:
Recipient address triggers FILTER smtp-amavis:[127.0.0.1]:10024;
from=<yahooyahoo.com> to=<bardomain.com> proto=SMTP helo=<localhost>
Aug 27 16:23:21 www postgrey: action=pass, reason=client whitelist,
client_name=cpe-76-170-237-134.socal.res.rr.com,
client_address=76.170.237.134, sender=yahooyahoo.com,
recipient=bardomain.com
Aug 27 16:23:21 www postfix/smtpd[26702]: 8BC09187832:
client=cpe-76-170-237-134.socal.res.rr.com[76.170.237.134]
Aug 27 16:23:25 www postfix/cleanup[26705]: 8BC09187832:
message-id=<20070827232321.8BC09187832domain.com>
Aug 27 16:23:25 www postfix/qmgr[26701]: 8BC09187832:
from=<yahooyahoo.com>, size=382, nrcpt=1 (queue active)
Aug 27 16:23:26 www postfix/smtpd[26702]: disconnect from
cpe-76-170-237-134.socal.res.rr.com[76.170.237.134]
Aug 27 16:23:33 www postfix/smtpd[26713]: connect from
localhost[127.0.0.1]
Aug 27 16:23:33 www postfix/smtpd[26713]: F16B9187833:
client=localhost[127.0.0.1]
Aug 27 16:23:34 www postfix/cleanup[26705]: F16B9187833:
message-id=<20070827232321.8BC09187832domain.com>
Aug 27 16:23:34 www postfix/smtpd[26713]: disconnect from
localhost[127.0.0.1]
Aug 27 16:23:34 www amavis[26464]: (26464-01) Passed SPAMMY,
[76.170.237.134] [76.170.237.134] <yahooyahoo.com> -> <foodomain.com>,
Message-ID: <20070827232321.8BC09187832domain.com>, mail_id:
6BCxB4jnWyPJ, Hits: 11.963, queued_as: F16B9187833, 8192 ms
Aug 27 16:23:34 www postfix/qmgr[26701]: F16B9187833:
from=<yahooyahoo.com>, size=1187, nrcpt=1 (queue active)
Aug 27 16:23:34 www postfix/lmtp[26706]: 8BC09187832:
to=<foodomain.com>, orig_to=<bardomain.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=7.6/0.01/0.01/8.2,
dsn=2.6.0, status=sent (250 2.6.0 Ok, id=26464-01, from
MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as F16B9187833)
Aug 27 16:23:34 www postfix/qmgr[26701]: 8BC09187832: removed
Aug 27 16:23:34 www postfix/local[26715]: F16B9187833:
to=<foodomain.com>, relay=local, delay=0.15, delays=0.09/0.01/0/0.06,
dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION"
DEFAULT=$HOME/Maildir/ MAILDIR=$HOME/Maildir)
--

On this line:

Aug 27 16:23:34 www postfix/lmtp[26706]: 8BC09187832:
to=<foodomain.com>, orig_to=<bardomain.com>,
relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=7.6/0.01/0.01/8.2,
dsn=2.6.0, status=sent (250 2.6.0 Ok, id=26464-01, from
MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as F16B9187833)

I can see amavisd-new reinjecting the mail back to postfix and it shows
the proper orig_to but why does Postfix rewrite the X-Original-To
header? Am I missing some variable to disable rewrites? I already have
this in the reinjection service:

--
127.0.0.1:10025 inet n - n - - smtpd
.
.
.
    -o
receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks
    -o local_header_rewrite_clients=
--

Thanks in advance for any assistance!
Zivago

--
Zivago Lee <zziff.net>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBG09eBH0I0u5ZffZkRAmWEAJ9GAWTtVCtceLOark0A9hACOpxWWgCePKL9
2m63KXp5xGkLEwznukJybTY=
=Iz5s
-----END PGP SIGNATURE-----