On 20/05/2021 10:29, Egoitz Aurrekoetxea wrote:
I think I have been confusing XCLIENT with XFORWARD. I saw, that
Amavis entered in different policy banks depending in the connecting
ip to Postfix and I though it was ... I don't distinguish between
XFORWARD and XCLIENT really :)
I have been confusing concepts I assume...
So, there is no way of receiving original sasl_username from Amavis,
in order to have it available using a Postfix policy in the returning
back from Amavis smtpd instance?. It would be valid for me too... if
for instance:
Postfix auth -> Amavis auth -> Returning Postfix auth instance
If in some manner amavis smtp feed, should had to auth always against
final returning smtpd instance being Amavis some sort of proxy in that
moment¿?.
Any ideas about how could I achieve my goal? :)
A workaround is to set 'smtpd_sasl_authenticated_header = yes' in the
first (pre-Amavis) Postfix instance to add the sasl_username info to the
new Received: header, then (after this information has been used in some
way) strip it from the header in the second (post-Amavis) Postfix
instance, so it does not pass to third parties. Latter action can be
done by header_checks e.g.
if /^Received: from .*by myserver\.tld/
/^(.*)\s*\(Authenticated sender:[^)]*\)\s*(.*)/ REPLACE $1$2
endif
