public
Created

Simple patch for Postfix MDA. It adds two variables: "masquerade_from_before_canonical" and "masquerade_receipt_before_canonical" which control the order masquerading and canonicalizing are applied to addresses. Default value for them is "no" i.e. use default Postfix behavior: canocalize the masquerade. If changed to "yes" then address is masqueraded first.

  • Download Gist
gistfile1.diff
Diff
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117
diff --git a/src/cleanup/cleanup_init.c b/src/cleanup/cleanup_init.c
index 47ed5cf..eee839c 100644
--- a/src/cleanup/cleanup_init.c
+++ b/src/cleanup/cleanup_init.c
@@ -123,6 +123,8 @@ char *var_rcpt_canon_classes; /* what recipient to canonicalize */
char *var_virt_alias_maps; /* virtual alias maps */
char *var_masq_domains; /* masquerade domains */
char *var_masq_exceptions; /* users not masqueraded */
+bool var_masq_from_before_canon; /* masquerade from before canonicalizing */
+bool var_masq_rcpt_before_canon; /* masquerade receipt before canonicalizing */
char *var_header_checks; /* primary header checks */
char *var_mimehdr_checks; /* mime header checks */
char *var_nesthdr_checks; /* nested header checks */
@@ -180,6 +182,8 @@ CONFIG_BOOL_TABLE cleanup_bool_table[] = {
VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
+ VAR_MASQ_FROM_BEFORE_CANON, DEF_MASQ_FROM_BEFORE_CANON, &var_masq_from_before_canon,
+ VAR_MASQ_RCPT_BEFORE_CANON, DEF_MASQ_RCPT_BEFORE_CANON, &var_masq_rcpt_before_canon,
0,
};
diff --git a/src/cleanup/cleanup_message.c b/src/cleanup/cleanup_message.c
index ffb5c7e..bd8c8a6 100644
--- a/src/cleanup/cleanup_message.c
+++ b/src/cleanup/cleanup_message.c
@@ -153,9 +153,17 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state,
+ strlen(hdr_opts->name) + 1,
var_token_limit);
addr_list = tok822_grep(tree, TOK822_ADDR);
+
+# define MASQUERADE_FROM() if (cleanup_masq_domains \
+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM)) \
+ did_rewrite |= \
+ cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
+
for (tpp = addr_list; *tpp; tpp++) {
did_rewrite |= cleanup_rewrite_tree(state->hdr_rewrite_context, *tpp);
if (state->flags & CLEANUP_FLAG_MAP_OK) {
+ if (var_masq_from_before_canon)
+ MASQUERADE_FROM();
if (cleanup_send_canon_maps
&& (cleanup_send_canon_flags & CLEANUP_CANON_FLAG_HDR_FROM))
did_rewrite |=
@@ -166,12 +174,13 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state,
did_rewrite |=
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_masq_domains
- && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM))
- did_rewrite |=
- cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
+ if (!var_masq_from_before_canon)
+ MASQUERADE_FROM();
}
}
+
+# undef MASQUERADE_FROM
+
if (did_rewrite) {
vstring_truncate(header_buf, strlen(hdr_opts->name));
vstring_strcat(header_buf, ": ");
@@ -210,9 +219,17 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state,
+ strlen(hdr_opts->name) + 1,
var_token_limit);
addr_list = tok822_grep(tree, TOK822_ADDR);
+
+# define MASQUERADE_RCPT() if (cleanup_masq_domains \
+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT)) \
+ did_rewrite |= \
+ cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
+
for (tpp = addr_list; *tpp; tpp++) {
did_rewrite |= cleanup_rewrite_tree(state->hdr_rewrite_context, *tpp);
if (state->flags & CLEANUP_FLAG_MAP_OK) {
+ if (var_masq_rcpt_before_canon)
+ MASQUERADE_RCPT();
if (cleanup_rcpt_canon_maps
&& (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_HDR_RCPT))
did_rewrite |=
@@ -223,12 +240,13 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state,
did_rewrite |=
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_masq_domains
- && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT))
- did_rewrite |=
- cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
+ if (!var_masq_rcpt_before_canon)
+ MASQUERADE_RCPT();
}
}
+
+# undef MASQUERADE_RCPT
+
if (did_rewrite) {
vstring_truncate(header_buf, strlen(hdr_opts->name));
vstring_strcat(header_buf, ": ");
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index 17546a3..3bc4eb3 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
@@ -181,6 +181,14 @@ extern char *var_masq_exceptions;
MASQ_CLASS_HDR_RCPT
extern char *var_masq_classes;
+#define VAR_MASQ_FROM_BEFORE_CANON "masquerade_from_before_canonical"
+#define DEF_MASQ_FROM_BEFORE_CANON 0
+extern bool var_masq_from_before_canon;
+
+#define VAR_MASQ_RCPT_BEFORE_CANON "masquerade_receipt_before_canonical"
+#define DEF_MASQ_RCPT_BEFORE_CANON 0
+extern bool var_masq_rcpt_before_canon;
+
/*
* Intranet versus internet.
*/

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.