Address rewrite while relaying

From: George Vilches (gavthataddress.com)
Date: Mon Nov 24 2008 - 12:21:37 CST


The question: Is it possible to have a domain do address rewriting and
relaying in some combination?

The network structure is as follows:

All mail goes to a single border gateway server, which is the one that
all of the following will talk about. From this gateway, mail then
passes to a spam filtering server, with particular requirements.
Then, mail is passed to one of the internal servers.

The requirements of the spam filtering server:

1) The e-mail address arriving must be a real user (i.e. all address
resolution must already be done)
2) The e-mail address of the envelope must be the real user's e-mail
address, i.e. bob@example.org, not bob@internalrewrite.example.org.

Given that, here's what our current virtual tables look like (the last
entry was changed for illustrating the point):

example.net Domain
example.net example.org

example.info Domain
john@example.info bob@example.org

example.org Domain
tom@example.org bob@example.org
bob@example.org bob <------ ILLUSTRATION ONLY! To point out a real user.

What this indicates is that bob is the only real user in the entire
system, and hence the only user that mail should ever be passed
through from the border gateway server to the spam server. All other
users need their addresses resolved (or bounces need to occur) to
bob@example.org before being passed on to the spam server. Naturally
this is a simplification, but if I can get it working for one user on
one domain, more should be straightforward.

Examples:

1) tom@example.org arrives at border gateway, gets rewritten to
bob@example.org, gets relayed to spam filtering service with new
envelope sender
2) john@example.info arrives at border gateway, gets rewritten to
bob@example.org, gets relayed to spam filtering service with new
envelope sender
3) failed@example.net arrives at border gateway, gets rewritten to
failed@example.org, cannot be rewritten further, cannot be found, bounces.

I've tried putting bob@example.org in the transport table with a
transport of smtp:[www.xxx.yyy.zzz] which causes a relay denied
error. I've tried setting it up as a relay_domain which gets this
warning: "warning: do not list domain example.org in BOTH
virtual_alias_domains and relay_domains" and doesn't seem to give the
expected behavior anyway. I've changed the virtual alias line for
bob@example.org to have a value of bob@example.org as well, with no
change in results.

So, what do I need to do to make this work as described? Postfix's
address resolution is spectacular for our needs, which is why we don't
want to deal with some external rewriting mechanism, but we have not
been able to get both address resolution and relaying within the
domains listed.

Thanks,
George
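
The recipient resolution the post asks the border gateway to perform, modelled as an added example (not the poster's code and not Postfix source). It assumes the "example.net example.org" table line is a whole-domain rewrite, as the post's third example implies; the function name, the hop limit and the loop guard are constructed for illustration.

```python
from typing import Optional

# Table taken from the post's illustration; "@domain" keys are whole-domain rewrites.
VIRTUAL = {
    "@example.net": "@example.org",
    "john@example.info": "bob@example.org",
    "tom@example.org": "bob@example.org",
}
REAL_USERS = {"bob@example.org"}   # the only mailbox the spam filter may see
MAX_HOPS = 10                      # constructed limit on alias chain length


def resolve(rcpt: str, table=VIRTUAL, users=REAL_USERS) -> Optional[str]:
    """Return the final envelope recipient, or None when the gateway must bounce."""
    addr = rcpt.strip().lower()
    seen = set()
    for _ in range(MAX_HOPS):
        if addr in users:
            return addr                      # fully resolved: safe to relay onward
        if addr in seen:
            return None                      # alias loop: never relay it
        seen.add(addr)
        local, _, domain = addr.rpartition("@")
        if not local or not domain:
            return None                      # not a usable address
        if addr in table:                    # full-address entry wins
            addr = table[addr]
        elif "@" + domain in table:          # then the domain-wide entry
            addr = local + table["@" + domain]
        else:
            return None                      # no rewrite left and not a real user
    return None


if __name__ == "__main__":
    for sample in ("tom@example.org", "john@example.info", "failed@example.net"):
        print(sample, "->", resolve(sample) or "bounce")
```
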