Hi there, Even if the filter

dgerisch1 · ‎09-30-2015

Can I rewrite the recipient address with a message filter using a regular expression?

I have a problem that a misconfiguration of my email servers sometimes sends out messages From: user.postoffice.system@email_domain_name

So when someone replies to this message, the reply is To: user.postoffice.system@email_domain_name

Problem is, for an LDAP recipient address check, this format of address fails the LDAP query. On the other hand, user@email_domain_name would work just fine.

So what I would like to do is to re-write the recipient address from user.postoffice.system@email_domain_name to user@email_domain_name

(Actually, I would also like to re-write the sender address, to, if it is about to escape - but I think I can handle that with Postfix internally).

I think if I could do this in a message filter, I might be able to get the re-write to happen before the LDAP recipient address check.

So far, my attempts to use a regular expression in the filter action alt-rcpt-to( ) have been met with errors. The documentation for alt-rcpt-to( ) shows static examples of changed recipients; but, it doesn't explicitly say a regular expression won't work.

I tried a message filter with

if (rcpt-to == "\\.postoffice\\.system")

{

edit-header-text (‘To’, ‘\\.postoffice\\.system\\s*’,’’);

}

but although the rule condition matched, the rule action did not replace the recipient.

So the two questions are: Can I rewrite the recipient address with a message filter using a regular expression? -or- Is there some other technique I should use to re-write the recipient address?

Thank you in advance for any help you can give me.

Hrvoje (Harry) Dogan · ‎10-01-2015

Hi there,

Even if the filter would work, it would not achieve what you are looking for, because you're changing the "To" header, and recipient validation works with Envelope To. Furthermore, both Message and Content Filters are executed after LDAP recipient validation in the pipeline.

I can think of four possible solutions to your problem - none of which are perfect:

a) if you can add an attribute in your LDAP schema containing the additional user.postoffice.system email address to each user entity, that would be the best approach. Because then you could rewrite those addresses into their regular form both coming in and going out using LDAP routing and masquerading

b) if your downstream mail system (you mentioned Postfix?) will accept messages for those addresses, you can configure SMTP callahead alongside LDAP recipient validation. Any recipients that fail to validate via LDAP will fall back to SMTP callahead.

c) if the number of users susceptible to this behavior is relatively limited, you can use onbox alias and masquerade tables to rewrite addresses coming in and going out. That would be a rough equivalent of doing it with LDAP above, albeit with a significantly higher administrative burden. Alias and masquerade tables require a 1:1 relationship (or 1:many, but that's less relevant in this case), so you would have to list every single address.

d) add those email addresses explicitly to Recipient Access Table - same amount of work as option c), with no benefits of address rewriting, so I wouldn't even consider it... I'm just listing it for completeness :)

I hope some of those suggestions will be doable.

dgerisch1 · ‎10-01-2015

Thank you very much Hrvoje. That is a very complete answer, and explains to me things I did not understand.

I think I will try to go with a), as we have someone here who knows Powershell, and may be able to integrate that and some other data to come up with another proxyAddress that matches what the user has.

I appreciate your answer.