Re: how to prevent a mail loop?
On Fri, Dec 29, 2006 at 04:18:34PM -0500, Shaun T. Erickson wrote:

> On 12/29/06, Victor Duchovni <Victor.Duchovni@...> wrote:
> >On Fri, Dec 29, 2006 at 03:38:17PM -0500, Shaun T. Erickson wrote:
> >> On 12/29/06, Noel Jones <njones@...> wrote:
> >> >
> >> >There have been some other reports of forged "Delivered-To:" headers
> >> >on this list recently.
> >>
> >> Would the correct way to combat these, be to do a header check in my
> >> smtpd_recipient_restrictions and reject any email that has a
> >> Delivered-To: header in it?
> >
> >No, you would get no mail from this list, but you could reject any
> >mail that has:
> >
> >    header-checks.pcre:
> >        /^Delivered-To: \S+@example\.com(?:\s|$)/ REJECT forgery
> >
> >provided that "example.com" is your domain, AND when mail is delivered
> >to a user either no Delivered-To header is ever added, or the mail is
> >never forwarded or resent out (mutt/pine/... users sometimes resend
> >messages with all the original headers intact).
>
> I often do that via the redirect plugin I installed in Thunderbird.
> But any mail I would redirect would get reinjected to postfix over the
> submission port, which is configured thusly:
>
> submission inet n - n - - smtpd
>     -o cleanup_service_name=pre-cleanup
>     -o smtpd_sasl_type=dovecot
>     -o smtpd_sasl_path=private/auth
>     -o smtpd_sasl_authenticated_header=yes
>     -o smtpd_sasl_auth_enable=yes
>     -o smtpd_tls_security_level=encrypt
>     -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>
> which, if I understand it correctly, would skip the header check and
> let it through, yes?

But if the message comes back to your domain, you will reject it. You
may want to strip Delivered-To: headers on the submission port. In any
case think through the possible cases. Delivered-To is designed to
break (terminate) forwarding loops (often .procmailrc driven). If you
don't need it, you can disable it in various ways.

case think through the possible cases. Delivered-To is designed to
break (terminate) forwarding loops (often .procmailrc driven). If you
don't need it, you can disable it in various ways.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
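
Added example (not part of the original thread and not Postfix code): a simplified Python model of header_checks that runs the PCRE rule quoted above over constructed sample headers, and shows the effect of stripping Delivered-To: on the submission side before a resent message comes back. The IGNORE rule, the helper names and all sample addresses are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Inbound rule as posted in the thread; example.com stands for the local domain.
# Postfix header_checks patterns match case-insensitively by default.
INBOUND = [(re.compile(r"^Delivered-To: \S+@example\.com(?:\s|$)", re.I), "REJECT")]
# Assumed rule for the submission-side cleanup service: drop the header.
SUBMISSION = [(re.compile(r"^Delivered-To:", re.I), "IGNORE")]

def header_checks(raw, rules):
    """Simplified model of header_checks: returns (verdict, surviving headers)."""
    kept = []
    for name, value in message_from_string(raw).items():
        line = f"{name}: {' '.join(value.split())}"  # unfold to one logical header
        action = next((act for rx, act in rules if rx.search(line)), None)
        if action == "REJECT":
            return "REJECT", []
        if action != "IGNORE":  # IGNORE deletes the header, the message continues
            kept.append(line)
    return "OK", kept

def resend_via_submission(raw):
    """Strip on submission, then let the result come back through the inbound rule."""
    _, kept = header_checks(raw, SUBMISSION)
    return header_checks("\n".join(kept) + "\n\nbody\n", INBOUND)

# Constructed sample messages (all addresses are made up).
TAIL = "From: a@sender.test\nSubject: hi\n\nbody\n"
SAMPLES = {
    "list mail":  "Delivered-To: postfix-users@lists.example.org\n" + TAIL,
    "own domain": "Delivered-To: shaun@example.com\n" + TAIL,
    "lowercase":  "delivered-to: shaun@example.com\n" + TAIL,
    "lookalike":  "Delivered-To: shaun@example.com.other.test\n" + TAIL,
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} inbound -> {header_checks(raw, INBOUND)[0]}")
    print("own domain, resent via submission ->",
          resend_via_submission(SAMPLES["own domain"])[0])
```

The "lookalike" sample passes because the trailing (?:\s|$) in the rule anchors the end of the domain, and the "list mail" sample passes because the rule names only the local domain rather than every Delivered-To: header.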