On Tue, Feb 13, 2024 at 12:51:51 -0500, Viktor Dukhovni via Postfix-users wrote:
> On Tue, Feb 13, 2024 at 06:32:14PM +0100, Geert Hendrickx via Postfix-users
> wrote:
> > What's the alternative for masquerade_domains ?
>
> It is canonical_maps, ideally with explicit mappings for each expected
> non-canonical address. For an outbound-only Postfix relay or submission
> instance, the canonical mapping could use wildcards or regular
> expression mappings. Though in the same context (no inbound mail) the
> use of "masquerade_domains" has little down-side.
Yes, we use masquerade_domains on an outbound mail relay for a large group
of internal servers (typically sending cron mail or other automated reports,
so no inbound mail). This was/is the classical case for masquerade_domains?
We rewrite only envelope_sender from user@host.domain to user@domain for
SPF compliance (not needing an SPF record for each individual hostname).
The From header is left alone, as it is DMARC aligned.
Achieving the same with canonical_maps would require regular expressions,
as there is no catch-all ".domain" support in canonical(5) ?
> Of course it is best dealt with at the source by configuring the
> client systems to use the correct domain.
Perhaps, but not all client systems are under our control (trusted but not
necessarily cooperative), and it is convenient to manage the (evolving)
mail policy in a central place, rather than on a large number of variour
client systems. (and even there, a single masquerade_domains setting would
be handier than an explicit canonical_maps).
Geert
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
