Amavisd-new policy banks and sasl_username in the returning smtpd instance
Dominic Raferd
dominic at timedicer.co.uk
Thu May 20 12:53:56 CEST 2021
On 20/05/2021 10:29, Egoitz Aurrekoetxea wrote:
> I think I have been confusing XCLIENT with XFORWARD. I saw, that
> Amavis entered in different policy banks depending in the connecting
> ip to Postfix and I though it was ... I don't distinguish between
> XFORWARD and XCLIENT really :)
>
> I have been confusing concepts I assume...
>
> So, there is no way of receiving original sasl_username from Amavis,
> in order to have it available using a Postfix policy in the returning
> back from Amavis smtpd instance?. It would be valid for me too... if
> for instance:
>
> Postfix auth -> Amavis auth -> Returning Postfix auth instance
>
> If in some manner amavis smtp feed, should had to auth always against
> final returning smtpd instance being Amavis some sort of proxy in that
> moment¿?.
>
> Any ideas about how could I achieve my goal? :)
>
A workaround is to set 'smtpd_sasl_authenticated_header = yes' in the
first (pre-Amavis) Postfix instance to add the sasl_username info to the
new Received: header, then (after this information has been used in some
way) strip it from the header in the second (post-Amavis) Postfix
instance, so it does not pass to third parties. Latter action can be
done by header_checks e.g.
if /^Received: from .*by myserver\.tld/
/^(.*)\s*\(Authenticated sender:[^)]*\)\s*(.*)/ REPLACE $1$2
endif
More information about the amavis-users
mailing list