Loading ...
Sorry, an error occurred while loading the content.

Separating recipient_bcc_maps from header_checks action

Expand Messages
  • eranuwak
    Hello, I have a mail server that needs to redirect incoming encrypted messages to a separate certification server, and I use a header_checks parameter to do
    Message 1 of 2 , Jun 26, 2013
    • 0 Attachment
      Hello,

      I have a mail server that needs to redirect incoming encrypted messages to a
      separate certification server, and I use a header_checks parameter to do
      this, e.g. the pcre file contains:

      /^Subject: =\?iso-8859-1\?Q\?=5Bsign=5D/ FILTER smtp:cert_server:10035

      I also have to send a copy of all unencrypted emails to a separate archiving
      system. I use recipient_bcc_maps to do this, adding a dummy domain to the
      addresses, and routing accordingly.

      However, I DO NOT want the encrypted emails to be sent to the archiving
      system, and I DO NOT want the bcc copy of the emails to be sent to the
      certification server.

      Is there a way of separating out these 2 actions? At the moment, the FILTER
      fires, so the message is sent to the certification server together with the
      BCC copy.

      I have read the documentation, and it looks like a additional port /
      instance may be required.

      Thanks,

      Robin




      --
      View this message in context: http://postfix.1071664.n5.nabble.com/Separating-recipient-bcc-maps-from-header-checks-action-tp59236.html
      Sent from the Postfix Users mailing list archive at Nabble.com.
    • Wietse Venema
      ... The simplest solution is to bcc all mail to the archive server and have the encrypted messages discarded there. Postfix has no language that supports
      Message 2 of 2 , Jun 26, 2013
      • 0 Attachment
        eranuwak:
        > However, I DO NOT want the encrypted emails to be sent to the archiving
        > system, and I DO NOT want the bcc copy of the emails to be sent to the
        > certification server.

        The simplest solution is to bcc all mail to the archive server and
        have the encrypted messages discarded there. Postfix has no language
        that supports arbitrary boolean expressions with BCC and FILTER.

        A more precise solution:

        First, use a header_checks rule to invoke the filter:
        /^Subject: =\?iso-8859-1\?Q\?=5Bsign=5D/ FILTER smtp:cert_server:10035

        Second, use an external content filter program to add the recipient:
        if subject does not match signing pattern, then add archive recipient.
        THe filter could be implemented as a Milter (Sendmail-style
        mail filter) in C, Python, Java, or other language, or as an
        SMTP-based post-queue content filter with amavisd-new etc..

        If Postfix header_checks had a BCC action then this specific case
        could be done more elegantly:

        if /^Subject:/
        /^Subject: =\?iso-8859-1\?Q\?=5Bsign=5D/ FILTER smtp:cert_server:10035
        . BCC archive-recipient
        endif

        Adding BCC is not as simple as one might expect. Generalizing
        header_checks into a content-manipulation language like AWK would
        take more effort.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.