Hi Dennis, Be warned: header rewriting may be like opening pandoras box, especially if the messages you massage are already DKIM signed.
Dennis Weber <dennis.we...@atwork-it.com> (Sa 22 Apr 2017 23:01:26 CEST): > Hi Community, > > I am currently working on a project for a transparent Rewrite Gateway which > shall mask two independent Exchange Organizations behind a third domain. > First I tried to solve this task by using a Postfix server, but Postfix was > not able to rewrite the "From" and "To" the way the gateway is a completely > independent black box, because incoming mail got a rewritten "To" field, but > the mail was still delivered with the new domain suffix of which the internal > mail server don't know anything from. Header rewriting doesn't imply any impact to the routing, as the headers are not relevant for SMTP mail routing. I'm not sure, if you need any other component of Postfix to change the mailrouting, not only the headers. I'm not a Postfix expert at all… … > Till now I was not able to solve my issues with Postfix and I hope, that Exim > will be a better choice for my project. Can you tell me if it is possible to > solve my issues with Exim to create a real rewrite gateway? If it is not > possible, do you have some more information for me on why it can't be done? > > My Gateway shall: > > * Relay domains @internal1.com and @internal2.com to extern as > @newcorp.com Yes, it's possible. You can rewrite any address header and even the SMTP MAIL FROM (return path). This can be done by simple replacement logic, by lookups (flat files, database, directory service), by using the optionally embedded Perl interpreter or by external programs. > * Rewrite incoming mails from @newcorp.com to @internal1.com or > @internal2.com It's first a matter of routing (redirect) and then, if you really need to, a matter of header rewrting. Same options as above.. > * Transport mails to both internal organizations I do not see the challenge here. > * Exclude S/MIME encrypted and/or signed mails from rewriting Why? Signatures/Encryption (S/MIME, PGP/MIME) shouldn't care about rewritten headers. DKIM does. But, anyway, if it comes to header rewriting, it *should* be possible to do it conditionally on detected Content-Type headers (not sure here, because I do not now the exact processing stage where the header rewriting takes place. If the DATA ACL is run before rewrting takes place, you can make rewriting conditional on the content of the message headers) > * Besides regular mail the gateway also needs to rewrite meeting requests > and other types of mails coming from and to an exchange server This reads like content modification. In theory it's possible via transport filters (or even in the DATA ACL (while this isn't officially supported, as the ACL are designed for *evaluating*, not for message mangling). Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/