|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Harald Rudell (harald.rudell
gmail.com)
Date: Sun Nov 11 2007 - 00:34:19 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hey all,
How do you configure postfix to execute address masquerading for all mail
submitted through a particular smtpd port?
Many of the options of Postfix assumes that you know your local hostname,
your local subnet or IP address, or what interface local mail is coming
from. On today's Interent, however, the situation is rather that either you
are authenticated (sasl or certificate), or you are a part of the general
public. Therefore, to prevent the general public to do forensic stalking or
other mailicious attacks on our innocent computers we might want to use
address masquerading. This masquerading makes mail (in the header fields)
appear to be originating from the Postfix mail server rather than the
submitting machine. It appears such general construct is not easily
accomplished in Postfix.
The situation
1. on a separate port in master.cf, separate from the public's port 25, we
have smtpd using enforced encryption and authentication (-o
smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes)
2. We want all mail submitted to smtpd through this port to be masqueraded,
ie. the mail headers "Received:" field should be that of the mail server
rather than the submitting client. This means we want to remove the
submitting client's Internet IP address, Internet domain name, and local
hostname from the mail headers. Instead, these values should be that of the
mail server itself.
3. Note that we do not know these values (the client's curernt IP address,
the client's current domain name, or the client's local hostname) why these
can not be used for lookup of filtering. All we know is that this client is
authenticated, and the line in master.cf that allows that input.
4. Hopefully there is a magic option like -o
masquerade_me_please or no_headers_on_this _one that we can insert into
master.cf?
Garetful for any help...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]