Question about "envelope-from" header
Mailman Gurus --
I run a small mailman3 implementation in a VM inside Google's cloud. The same VM runs both mailman3 and postfix. Because outbound SMTP is blocked by Google, my postfix relays outbound mail through smtp-relay.gmail.com, using credentials from my google workspace account. Works pretty well.
For reasons unrelated to my mailing lists, I'd like to have the same VM provide a couple of mail aliases. Mail that comes in to " alias1@mydomain.com" should be relayed to "random1@somedomain.com". I am trying to do this by setting up virtual aliases in postfix, as per http://www.postfix.org/virtual.5.html.
This works except that smtp-relay.gmail.com rejects the forwarded message because of "invalid credentials". I believe that email going out through smtp-relay.gmail.com can only come from a small set of previously authorized domains, and a random person who sends to "alias1@mydomain.com" is unlikely to be on that list.
I think I could fix this by having postfix edit the "envelope-from" header as it relays the mail, so that the "envelope-from" header contains something like "admin@mydomain.com". Not sure, but I think so.
My question is this: If I edit the envelope-from header in my outbound emails to say "admin@mydomain.com" am I going to break my email lists? Will bounce processing still work? Will replies to the list still work?
Thanks!
-- Stephen Daniel
Stephen Daniel writes:
I think I could fix this by having postfix edit the "envelope-from" header as it relays the mail, so that the "envelope-from" header contains something like "admin@mydomain.com". Not sure, but I think so.
You can try it, but I'd bet money that it won't work. "Envelope-From" is a diagnostic convenience that often allows a mail admin to analyze problems like this one without coordinating user reports with MTA logs. If you are correct that smtp.google.com restricts the sending domains, the data smtp is looking at is *not* the Envelope-From header, it is the SMTP protocol "MAIL FROM" argument. This is data that does not appear in the mail message header unless some SMTP server arbitrarily decides to copy it into the header.
To avoid such a restriction, you need to configure Postfix to change the envelope sender in MAIL FROM to "mydomain.com". I'm pretty sure Postfix can do that conditional on the content of the message's metadata (MAIL FROM, RCPT TO) or header, but I don't know how offhand. In your example, it would be only when the SMTP RCPT TO value is "alias1@mydomain.com". Search the postconf manpage for "sender". Note that if you set up the aliases file correctly you can probably use it in the condition for this operation. Most likely just a separate alias file for your random aliases will be enough, add it to all the relevant places.
My question is this: If I edit the envelope-from header in my outbound emails to say "admin@mydomain.com" am I going to break my email lists?
No. This is effectively what happens with anonymized lists. Both the From header field and the MAIL FROM protocol argument are set to the list-post address.
Will bounce processing still work?
I think so. Pretty sure bounce processing on the bouncing side doesn't care who the envelope sender is, it is based on the RFC 822 sender, which is the Sender header field if set and the From field if Sender is not present. Maybe Errors-To enters the mix, but this is also a field in the message header. I doubt you need to make changes, and anyway if you condition the sender editing on being a random alias it won't affect Mailman at all.
Will replies to the list still work?
Yes. All autopopulation of the addressees in replies is based on the "From", "To", "Reply-To", "Cc:", and "List-Post" fileds in the RFC 822 message header (you only get the last if you're lucky, though). As mentioned above, mail clients normally have no way to know what the SMTP MAIL FROM value is.
On 9/12/23 10:45 PM, Stephen J. Turnbull wrote:
Stephen Daniel writes:
Will bounce processing still work?
I think so. Pretty sure bounce processing on the bouncing side doesn't care who the envelope sender is, it is based on the RFC 822 sender, which is the Sender header field if set and the From field if Sender is not present.
Actually, I think all modern MTAs will return DSNs (bounces) to the envelope sender (MAIL FROM address)[1] which for list mail is the, possibly VERPed, listname-bounces address. If this is altered to a different address, bounce processing won't work.
[1] See https://www.rfc-editor.org/rfc/rfc5321.html#section-4.4
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
Mark Sapiro -
Stephen Daniel -
Stephen J. Turnbull