MTA experts: address rewriting depending on next hop

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

MTA experts: address rewriting depending on next hop

Siggy Brentrup-4
Sorry list,

if you see it again; yesterday I posted this to d-u and apart from a
quick but useless reply got no reaction.  I can't tell whether my
English is to bad, or he was just trolling.

----- Forwarded message from Siggy Brentrup <[hidden email]> -----

Date: Tue, 21 Jul 2009 13:03:01 +0200
From: Siggy Brentrup <[hidden email]>
To: Debian-User <[hidden email]>
Subject: MTA experts: address rewriting depending on next hop
User-Agent: Mutt/1.5.20 (2009-06-14)
X-SpamProbe: GOOD 0.0000011 fa03221406f4c813c59339de01bc9946

Hi List,

to start with, it's not a vital problem, I only want to fix sth
annoying me.

As quite a number among you, I'm running a LAN connected to
the big world via switched ADSL.

I'm looking for a MTA that is capable of rewriting addresses
*only* on mails that leave the LAN.

In general I'm using postfix as MTA of choice, using generic_map for
address rewriting, but that fires whenever a message leaves the host,
hence I see external addresses even on internal mails.

With postfix a solution would be to run a second instance with it's
own queue for dispatching, passing only outbound messages to the
address rewriting instance.

Here's the question again: which one of the abundance of MTAs in
Debian is capable of address rewriting depending on destination?  

I'm not to lazy to read documentation, but if at all possible not for
all MTAs.

At present that's only an annoyance to me, but I can imagine
situations where a solution might become vital.

----- End forwarded message -----

Thanks
  Siggy

ps: moved 'End forwarded message' up, nobody needs a duplicate
    .signature
--
Please don't Cc: me when replying, I might not see either copy.
               bsb-at-psycho-dot-informationsanarchistik-dot-de
               or:                bsb-at-psycho-dot-i21k-dot-de
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

signature.asc (204 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: MTA experts: address rewriting depending on next hop

Izak Burger
On Tue, Jul 21, 2009 at 7:31 PM, Siggy Brentrup<[hidden email]> wrote:
> Here's the question again: which one of the abundance of MTAs in
> Debian is capable of address rewriting depending on destination?

I am pretty sure exim can do this. Chapter 24 in the manual describes
headers_rewrite which is a generic option for transports, ie it will
work for all transports including the smtp transport that is generally
the last one in the config and handles all non-local email (ie those
leaving the lan).


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: MTA experts: address rewriting depending on next hop

Siggy Brentrup-4
Hi Izak,

On Wed, Jul 22, 2009 at 09:36 +0200, you wrote:
> On Tue, Jul 21, 2009 at 7:31 PM, Siggy Brentrup<[hidden email]> wrote:
> > Here's the question again: which one of the abundance of MTAs in
> > Debian is capable of address rewriting depending on destination?
>
> I am pretty sure exim can do this. Chapter 24 in the manual describes
> headers_rewrite which is a generic option for transports, ie it will
> work for all transports including the smtp transport that is generally
> the last one in the config and handles all non-local email (ie those
> leaving the lan).

Thanks, I'll give it a try
  Siggy
--
Please don't Cc: me when replying, I might not see either copy.
               bsb-at-psycho-dot-informationsanarchistik-dot-de
               or:                bsb-at-psycho-dot-i21k-dot-de
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

signature.asc (204 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

[SOLVED] MTA experts: address rewriting depending on next hop

Siggy Brentrup-4
In reply to this post by Izak Burger
On Wed, Jul 22, 2009 at 09:36 +0200, Izak Burger wrote:
> On Tue, Jul 21, 2009 at 7:31 PM, Siggy Brentrup<[hidden email]> wrote:
> > Here's the question again: which one of the abundance of MTAs in
> > Debian is capable of address rewriting depending on destination?
>
> I am pretty sure exim can do this. Chapter 24 in the manual describes
> headers_rewrite which is a generic option for transports, ie it will
> work for all transports including the smtp transport that is generally
> the last one in the config and handles all non-local email (ie those
> leaving the lan).

Again, avoiding to followup to myself :-)

No, exim4 can't do it either, the reason given in
  http://wiki.exim.org/FAQ/Rewriting_addresses/Q0807
is convincing.

Keeping that in mind, I'll go for the 2 instance approach with
Postfix.

Thanks
  Siggy
--
Please don't Cc: me when replying, I might not see either copy.
               bsb-at-psycho-dot-informationsanarchistik-dot-de
               or:                bsb-at-psycho-dot-i21k-dot-de
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

signature.asc (204 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [SOLVED] MTA experts: address rewriting depending on next hop

Izak Burger
On Wed, Jul 22, 2009 at 10:20 AM, Siggy Brentrup<[hidden email]> wrote:
> No, exim4 can't do it either, the reason given in
>  http://wiki.exim.org/FAQ/Rewriting_addresses/Q0807
> is convincing.

Ok, your question wasn't too clear on that. I didn't know you needed
to rewrite the envelope sender based on the target domain, and quite
correctly, exim cannot do that.

I do recall doing something pretty similar at a previous employer, in
a slightly different manner. I will try and explain the setup, maybe
this can serve as inspiration.

We had three machines participating in a sort of mail network. One
machine was in a data center, receiving mail from the big bad world.
The other two lived in the offices, one in Johannesburg and one in
Cape Town, connected to the external mail server by VPN.

We also had an LDAP directory that was replicated over all three
machines, indicating what employee was in what office. We had an email
address mapping in LDAP for each employee that would map
[hidden email] to either [hidden email] or
[hidden email], with a rewrite rule configured in exim to
do the rewrite on the recipient. This only affected the envelope.

Finally each machine had appropriate routers so that the relevant
domain was delivered locally, the "other" one was sent to the other
office over the vpn, and anything outside company.co.za was sent to a
smart host.

This way, people didn't have to know about their "internal" email
address. They simply sent email using their "official external"
address as the sender, using the other person's external address as
the recipient. If the recipient happened to be in the same office as
the sender, exim would rewrite the recipient to an internal address
and it would get delivered locally. Since the headers were never
touched, nobody was the wiser about all the trickery going on in the
background.

Unfortunately I didn't keep a copy of the configuration files, and
I've left that employer some five years ago, so an explanation is the
best I can do here.

regards,
Izak


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]