Can Postfix automatically add line "Resent-From: <email address>" in the header?
Xie, Wei
Greetings,
Our OSU State University uses Microsoft exchange servers as our main email system. Many users’ email accounts are forwarding accounts, which forward emails of nam...@osu.edu (i. e. smith...@osu.edu) to other email systems such as gmail, yahoo, Hotmail, Buckeyemail, etc. Before these outbound emails are leaving from Ohio state university, they are scanned by our Security DLP (Data Loss Protection) servers on which MTA Postfix is running.
Here we have a question about postfix. When the message passes by Postfix, can Postfix automatically add line "Resent-From: <OSU email address>" in the header?
For example:
From: webm...@endeavorwebdesign.com
To: tes...@osu.edu (which is forwarded to smith...@buckeyemail.osu.edu)
The message is sent from webm...@endeavorwebdesign.com to tes...@osu.edu. The Microsoft exchange HUB server receives the message, checks AD (Active Directory) server and see this account tes...@osu.edu is forwarding account to smith...@buckeyemail.osu.edu, the HUB server delivers the message for smith...@buckeyemail.osu.edu to Security DLP (Data Loss Protection) server. After scanning, DLP (Data Loss Protection) server delivers this outbound email to next hop. On DLP server, Postfix is running. Can it automatically identify the address tes...@osu.edu in “To:” field and add the line "Resent-From: <tes...@osu.edu>" in the header before the message is handed over to next hop?
If yes, further ask: Can Postfix identify the “from address or envelope-from address” is non-OSU.EDU address or non-OHIO-STATE.EDU address (i. e. webm...@endeavorwebdesign.com), then take action to pick up “to address” (i.e. tes...@osu.edu), add the line “Resent-From: to address” (i. e. Resent-From: tes...@osu.edu) into header of message?
Here is the header of test message for the reference:
Received: from BN1PR01MB135.prod.exchangelabs.com (10.242.217.24) by
BY2PR01MB139.prod.exchangelabs.com (10.242.233.152) with Microsoft SMTP
Server (TLS) id 15.0.990.7 via Mailbox Transport; Thu, 24 Jul 2014 13:56:34
+0000
Received: from BL2PR01CA0022.prod.exchangelabs.com (10.141.66.22) by
BN1PR01MB135.prod.exchangelabs.com (10.242.217.24) with Microsoft SMTP Server
(TLS) id 15.0.990.7; Thu, 24 Jul 2014 13:56:33 +0000
Received: from BN1BFFO11FD029.protection.gbl (2a01:111:f400:7c10::1:190) by
BL2PR01CA0022.outlook.office365.com (2a01:111:e400:c1b::22) with Microsoft
SMTP Server (TLS) id 15.0.995.14 via Frontend Transport; Thu, 24 Jul 2014
13:56:33 +0000
Received: from na01-by2-obe.outbound.protection.outlook.com (207.46.163.243)
by BN1BFFO11FD029.mail.protection.outlook.com (10.58.144.92) with Microsoft
SMTP Server (TLS) id 15.0.980.11 via Frontend Transport; Thu, 24 Jul 2014
13:56:32 +0000
Received: from BN1AFFO11FD022.protection.gbl (10.58.52.33) by
BN1AFFO11HUB033.protection.gbl (10.58.52.144) with Microsoft SMTP Server
(TLS) id 15.0.980.11; Thu, 24 Jul 2014 13:56:30 +0000
Received: from cio-tnc-pf04.osuad.osu.edu (164.107.81.218) by
BN1AFFO11FD022.mail.protection.outlook.com (10.58.52.82) with Microsoft SMTP
Server (TLS) id 15.0.980.11 via Frontend Transport; Thu, 24 Jul 2014 13:56:30
+0000
Received: from CIO-KRC-HT01.osuad.osu.edu (cio-krc-ht01.osuad.osu.edu [164.107.81.37])
(using TLSv1 with cipher AES128-SHA (128/128 bits))
(No client certificate requested)
by cio-tnc-pf04.osuad.osu.edu (Postfix) with ESMTPS id BD29938005A
for <smith...@buckeyemail.osu.edu>; Thu, 24 Jul 2014 09:56:29 -0400 (EDT)
Resent-From: <smith...@buckeyemail.osu.edu> (which is the line we want Postfix to add)
Received: from na01-by2-obe.outbound.protection.outlook.com (207.46.163.243)
by CIO-KRC-HT01.osuad.osu.edu (164.107.81.37) with Microsoft SMTP Server
(TLS) id 14.3.174.1; Thu, 24 Jul 2014 09:56:27 -0400
Received: from BN1AFFO11FD018.protection.gbl (10.58.52.30) by
BN1AFFO11HUB016.protection.gbl (10.58.52.126) with Microsoft SMTP Server
(TLS) id 15.0.980.11; Thu, 24 Jul 2014 13:56:26 +0000
Received: from vps4520.inmotionhosting.com (70.39.249.76) by
BN1AFFO11FD018.mail.protection.outlook.com (10.58.52.78) with Microsoft SMTP
Server (TLS) id 15.0.980.11 via Frontend Transport; Thu, 24 Jul 2014 13:56:25
+0000
Received: from [127.0.0.1] (port=34753 helo=webmail.endeavorwebdesign.com) by
vps4520.inmotionhosting.com with esmtpa (Exim 4.80.1) (envelope-from
<webm...@endeavorwebdesign.com>) id 1XAJVR-0008Gs-8b for tes...@osu.edu;
Thu, 24 Jul 2014 09:56:25 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 24 Jul 2014 09:56:25 -0400
From: <webm...@endeavorwebdesign.com>
To: <tes...@osu.edu>
Subject: Test 4 EWD
Message-ID: <5b1dfd6d8a13ea9c...@endeavorwebdesign.com>
X-Sender: webm...@endeavorwebdesign.com
User-Agent: Roundcube Webmail/0.9.3
X-OutGoing-Spam-Status: No, score=-0.8
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps4520.inmotionhosting.com
X-AntiAbuse: Original Domain - osu.edu
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - endeavorwebdesign.com
X-Get-Message-Sender-Via: vps4520.inmotionhosting.com: authenticated_id: webm...@endeavorwebdesign.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-EOPAttributedMessage: 2
X-Forefront-Antispam-Report-Untrusted: CIP:70.39.249.76;CTRY:US;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(6009001)(438002)(199002)(189002)(80022001)(2171001)(46102001)(64706001)(86152002)(6806004)(551214005)(54356999)(36756003)(83072002)(555874004)(229853001)(44976005)(558084003)(74662001)(77982001)(107046002)(83506001)(93046001)(23676002)(92566001)(102836001)(83322001)(45086001)(31966008)(47776003)(4396001)(104016003)(71366001)(79102001)(81342001)(2351001)(50466002)(85852003)(20776003)(74502001)(83832001)(110136001)(95666004)(106466001)(107886001)(81542001)(33646002)(86362001)(21056001)(50986999)(99396002)(76482001)(85306003)(87836001)(113156001)(108616002)(24736002)(558944008)(19559445001)(15288005002);DIR:INB;SFP:;SCL:1;SRVR:BN1AFFO11HUB016;H:vps4520.inmotionhosting.com;FPR:;MLV:ovr;PTR:vps4520.inmotionhosting.com;A:1;MX:1;LANG:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:
Received-SPF: Fail (: domain of endeavorwebdesign.com does not designate
207.46.163.243 as permitted sender) receiver=; client-ip=207.46.163.243;
helo=na01-by2-obe.outbound.protection.outlook.com;
Authentication-Results: spf=fail (sender IP is 207.46.163.243)
smtp.mailfrom=webm...@endeavorwebdesign.com;
Return-Path: webm...@endeavorwebdesign.com
X-Forefront-Antispam-Report-Untrusted: CIP:164.107.81.218;CTRY:US;IPV:NLI;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(6009001)(199002)(189002)(50986999)(54356999)(79102001)(81342001)(77982001)(31966008)(107046002)(107886001)(21056001)(109096001)(81542001)(2351001)(33646002)(23676002)(551214005)(558084003)(71366001)(64706001)(106466001)(46102001)(104016003)(74662001)(86362001)(50466002)(44976005)(83072002)(93346002)(4396001)(76482001)(83832001)(86152002)(80022001)(95666004)(6806004)(229853001)(105606002)(555874004)(20776003)(83322001)(45086001)(87936001)(74502001)(85852003)(85306003)(93046001)(83506001)(2171001)(110136001)(102836001)(92566001)(99396002)(36756003)(47776003)(113156001)(108616002)(24736002)(558944008)(15288005002)(19559445001);DIR:OUT;SFP:;SCL:1;SRVR:BN1AFFO11HUB033;H:cio-tnc-pf04.osuad.osu.edu;FPR:;MLV:ovr;PTR:cio-tnc-pf04.osuad.osu.edu;A:1;MX:1;LANG:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:
X-Forefront-PRVS: 028256169F
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: CIP:207.46.163.243;CTRY:US;IPV:NLI;IPV:NLI;EFV:NLI;SFV:SPM;SFS:(6009001)(489007)(199002)(189002)(50986999)(36756003)(83832001)(31966008)(99396002)(77982001)(22756004)(33646002)(83072002)(83506001)(102836001)(44976005)(23676002)(54356999)(81342001)(104016003)(71366001)(4396001)(80022001)(20776003)(76482001)(86362001)(47776003)(21056001)(229853001)(64706001)(2171001)(87836001)(50466002)(74662001)(110136001)(79102001)(85306003)(95666004)(2351001)(74502001)(105606002)(107886001)(81542001)(551214005)(92566001)(85852003)(85426001)(107046002)(93046001)(46102001)(86152002)(93346002)(555874004)(6806004)(558084003)(106466001)(83322001)(45086001)(113156001)(108616002);DIR:INB;SFP:;SCL:5;SRVR:BN1PR01MB135;H:na01-by2-obe.outbound.protection.outlook.com;FPR:;MLV:ovr;PTR:mail-by2lp0243.outbound.protection.outlook.com;A:1;MX:1;LANG:;
X-MS-Exchange-Organization-Network-Message-Id: b12da29d-aa7b-4146-c1e5-08d1755e3623
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-MS-Exchange-Organization-SCL: 5
X-FOSE-spam: This message appears to be spam.
X-MS-Exchange-Organization-AuthSource: BN1BFFO11FD029.protection.gbl
X-MS-Exchange-Organization-AuthAs: Anonymous
Thanks to all in advance!
Carl Xie
OCIO/Infrastructure/Enterprise Messaging Group
Ohio State University
Viktor Dukhovni
> Here we have a question about postfix. When the message passes by Postfix,
> can Postfix automatically add line "Resent-From: <OSU email address>" in
> the header?
takes a message delivered to his mailbox (possibly long after
initial delivery) and resends it to another user (typically not an
original recipient). It is not appropriate for simple forwarding
to a recipient's mailbox.
Whatever in-band signalling you might need should be something other
than "Resent-From" (usually accompanied by Resent-To, Resent-Date, and
Resent-Message-Id).
If the forwarding is via local(8) aliases, the "Delivered-To:" header
may be something along the lines of what you're looking for.
There are also various extensions to Postfix to handle SPF and SRS.
--
Viktor.
Wietse Venema
>
> Our OSU State University uses Microsoft exchange servers as our
> main email system. Many users' email accounts are forwarding
> (i. e. smith...@osu.edu<mailto:smith...@osu.edu>) to other
> Before these outbound emails are leaving from Ohio state university,
> they are scanned by our Security DLP (Data Loss Protection) servers
> on which MTA Postfix is running.
>
> Postfix, can Postfix automatically add line "Resent-From: <OSU
> email address>" in the header?
exchange servers? Is it mail with a non-OSU envelope sender from a
system inside OSU? Must it also have a non-OSU envelope recipient?
If the rule is complex, then I recommend using an external content
filter. Amavisd-new supports policies that trigger on all kinds of
message properties. Postfix just an MTA.
Wietse
Xie, Wei
>>How would Postfix know out that mail is forwarded from OSU Microsoft exchange servers?
>>Is it mail with a non-OSU envelope sender from a system inside OSU?
>>Must it also have a non-OSU envelope recipient?
>>If the rule is complex, then I recommend using an external content filter. Amavisd-new supports policies that trigger on all kinds of message properties. Postfix just an MTA.
Thanks,
Carl
Xie, Wei
>> Here we have a question about postfix. When the message passes by
>> Postfix, can Postfix automatically add line "Resent-From: <OSU email
>> address>" in the header?
>
>>Whatever in-band signalling you might need should be something other than "Resent-From" (usually accompanied by Resent-To, Resent-Date, and Resent->>Message-Id).
>> If the forwarding is via local(8) aliases, the "Delivered-To:" header may be something along the lines of what you're looking for.
>> There are also various extensions to Postfix to handle SPF and SRS.
Thanks,
Carl
-----Original Message-----
From: owner-pos...@postfix.org [mailto:owner-pos...@postfix.org] On Behalf Of Viktor Dukhovni
Sent: Tuesday, July 29, 2014 11:32 AM
To: postfi...@postfix.org
Subject: Re: Can Postfix automatically add line "Resent-From: <email address>" in the header?
> Postfix, can Postfix automatically add line "Resent-From: <OSU email
> address>" in the header?
Viktor Dukhovni
> >> There are also various extensions to Postfix to handle SPF and SRS.
>
> Would you please talk a little more about above topic?
"Resent-From:", it is not only the wrong header to use, but the
modification is recipient dependent, and messages can have multiple
recipients, so such modifications are only possible at delivery
time, when the envelope is "split" to one recipient per transaction.
Forwarding via virtual(5) aliases happens on input, before the
envelope is split for delivery, and cannot and does not modify
message content. Forwarding to a single recipient at a time, via
a delivery agent like local(8) can modify the message content
(headers). Currently, a "Delivered-To" header is added. One might
add features to add more headers (ideally not misuse Resent-From).
You can create a pipe(8) or similar delivery agent or even an SMTP
proxy filter configured for single-recipient concurrency that
performs the relevant content modifications.
--
Viktor.
Wietse Venema
> maybe another big change to us, but this is option.
Email headers do not say where mail comes from, and they do not say
where mail goes to.
If this is a surprise to you, then you only have to look at this
mailing list message. It has my porcupine.org address in the From:
header, but it was distributed from cloud9.net. It was delivered
to you, but it does not have your address in the header.
I recommend that you read up on RFC 5321 and RFC 5322, the Internet
email standards.
Wietse
Wietse Venema
> Postfix, can Postfix automatically add line "Resent-From: <OSU
> email address>" in the header?
when it delivers mail to a non-virtual alias, or to a user. If the
user forwards the mail with a .forward file or with a procmail rule,
then the forwarded message will contain that "Delivered-To:" header.
Other forms of Postfix email forwarding silently replace the recipient
address, without adding information to the message header.
As noted in other follow-ups, Resent-from is not appropriate It
already has a meaning that is different than what you request.
Wietse