375gnu/gist:4444541

## gistfile1.diff
diff --git a/src/cleanup/cleanup_init.c b/src/cleanup/cleanup_init.c
index 47ed5cf..eee839c 100644
--- a/src/cleanup/cleanup_init.c
+++ b/src/cleanup/cleanup_init.c
@@ -123,6 +123,8 @@ char   *var_rcpt_canon_classes;  	/* what recipient to canonicalize */
 char   *var_virt_alias_maps;		/* virtual alias maps */
 char   *var_masq_domains;		/* masquerade domains */
 char   *var_masq_exceptions;		/* users not masqueraded */
+bool    var_masq_from_before_canon;	/* masquerade from before canonicalizing */
+bool    var_masq_rcpt_before_canon;	/* masquerade receipt before canonicalizing */
 char   *var_header_checks;		/* primary header checks */
 char   *var_mimehdr_checks;		/* mime header checks */
 char   *var_nesthdr_checks;		/* nested header checks */
@@ -180,6 +182,8 @@ CONFIG_BOOL_TABLE cleanup_bool_table[] = {
     VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
     VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
     VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
+    VAR_MASQ_FROM_BEFORE_CANON, DEF_MASQ_FROM_BEFORE_CANON, &var_masq_from_before_canon,
+    VAR_MASQ_RCPT_BEFORE_CANON, DEF_MASQ_RCPT_BEFORE_CANON, &var_masq_rcpt_before_canon,
     0,
 };

diff --git a/src/cleanup/cleanup_message.c b/src/cleanup/cleanup_message.c
index ffb5c7e..bd8c8a6 100644
--- a/src/cleanup/cleanup_message.c
+++ b/src/cleanup/cleanup_message.c
@@ -153,9 +153,17 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state,
 			      + strlen(hdr_opts->name) + 1,
 			      var_token_limit);
     addr_list = tok822_grep(tree, TOK822_ADDR);
+
+# define MASQUERADE_FROM() if (cleanup_masq_domains \
+    && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM)) \
+    did_rewrite |= \
+	cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
+
     for (tpp = addr_list; *tpp; tpp++) {
 	did_rewrite |= cleanup_rewrite_tree(state->hdr_rewrite_context, *tpp);
 	if (state->flags & CLEANUP_FLAG_MAP_OK) {
+	    if (var_masq_from_before_canon)
+	        MASQUERADE_FROM();
 	    if (cleanup_send_canon_maps
 		&& (cleanup_send_canon_flags & CLEANUP_CANON_FLAG_HDR_FROM))
 		did_rewrite |=
@@ -166,12 +174,13 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state,
 		did_rewrite |=
 		    cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
 				cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
-	    if (cleanup_masq_domains
-		&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM))
-		did_rewrite |=
-		    cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
+	    if (!var_masq_from_before_canon)
+	        MASQUERADE_FROM();
 	}
     }
+
+# undef MASQUERADE_FROM
+
     if (did_rewrite) {
 	vstring_truncate(header_buf, strlen(hdr_opts->name));
 	vstring_strcat(header_buf, ": ");
@@ -210,9 +219,17 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state,
 			      + strlen(hdr_opts->name) + 1,
 			      var_token_limit);
     addr_list = tok822_grep(tree, TOK822_ADDR);
+
+# define MASQUERADE_RCPT() if (cleanup_masq_domains \
+    && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT)) \
+    did_rewrite |= \
+        cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
+
     for (tpp = addr_list; *tpp; tpp++) {
 	did_rewrite |= cleanup_rewrite_tree(state->hdr_rewrite_context, *tpp);
 	if (state->flags & CLEANUP_FLAG_MAP_OK) {
+	    if (var_masq_rcpt_before_canon)
+	        MASQUERADE_RCPT();
 	    if (cleanup_rcpt_canon_maps
 		&& (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_HDR_RCPT))
 		did_rewrite |=
@@ -223,12 +240,13 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state,
 		did_rewrite |=
 		    cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
 				cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
-	    if (cleanup_masq_domains
-		&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT))
-		did_rewrite |=
-		    cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
+	    if (!var_masq_rcpt_before_canon)
+		MASQUERADE_RCPT();
 	}
     }
+
+# undef MASQUERADE_RCPT
+
     if (did_rewrite) {
 	vstring_truncate(header_buf, strlen(hdr_opts->name));
 	vstring_strcat(header_buf, ": ");
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index 17546a3..3bc4eb3 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
@@ -181,6 +181,14 @@ extern char *var_masq_exceptions;
 				MASQ_CLASS_HDR_RCPT
 extern char *var_masq_classes;

+#define VAR_MASQ_FROM_BEFORE_CANON "masquerade_from_before_canonical"
+#define DEF_MASQ_FROM_BEFORE_CANON 0
+extern bool var_masq_from_before_canon;
+
+#define VAR_MASQ_RCPT_BEFORE_CANON "masquerade_receipt_before_canonical"
+#define DEF_MASQ_RCPT_BEFORE_CANON 0
+extern bool var_masq_rcpt_before_canon;
+
  /*
   * Intranet versus internet.
   */
	diff --git a/src/cleanup/cleanup_init.c b/src/cleanup/cleanup_init.c
	index 47ed5cf..eee839c 100644
	--- a/src/cleanup/cleanup_init.c
	+++ b/src/cleanup/cleanup_init.c
	@@ -123,6 +123,8 @@ char var_rcpt_canon_classes; / what recipient to canonicalize */
	char var_virt_alias_maps; / virtual alias maps */
	char var_masq_domains; / masquerade domains */
	char var_masq_exceptions; / users not masqueraded */
	+bool var_masq_from_before_canon; /* masquerade from before canonicalizing */
	+bool var_masq_rcpt_before_canon; /* masquerade receipt before canonicalizing */
	char var_header_checks; / primary header checks */
	char var_mimehdr_checks; / mime header checks */
	char var_nesthdr_checks; / nested header checks */
	@@ -180,6 +182,8 @@ CONFIG_BOOL_TABLE cleanup_bool_table[] = {
	VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
	VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
	VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
	+ VAR_MASQ_FROM_BEFORE_CANON, DEF_MASQ_FROM_BEFORE_CANON, &var_masq_from_before_canon,
	+ VAR_MASQ_RCPT_BEFORE_CANON, DEF_MASQ_RCPT_BEFORE_CANON, &var_masq_rcpt_before_canon,
	0,
	};

	diff --git a/src/cleanup/cleanup_message.c b/src/cleanup/cleanup_message.c
	index ffb5c7e..bd8c8a6 100644
	--- a/src/cleanup/cleanup_message.c
	+++ b/src/cleanup/cleanup_message.c
	@@ -153,9 +153,17 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state,
	+ strlen(hdr_opts->name) + 1,
	var_token_limit);
	addr_list = tok822_grep(tree, TOK822_ADDR);
	+
	+# define MASQUERADE_FROM() if (cleanup_masq_domains \
	+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM)) \
	+ did_rewrite \|= \
	+ cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
	+
	for (tpp = addr_list; *tpp; tpp++) {
	did_rewrite \|= cleanup_rewrite_tree(state->hdr_rewrite_context, *tpp);
	if (state->flags & CLEANUP_FLAG_MAP_OK) {
	+ if (var_masq_from_before_canon)
	+ MASQUERADE_FROM();
	if (cleanup_send_canon_maps
	&& (cleanup_send_canon_flags & CLEANUP_CANON_FLAG_HDR_FROM))
	did_rewrite \|=
	@@ -166,12 +174,13 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state,
	did_rewrite \|=
	cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
	cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
	- if (cleanup_masq_domains
	- && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM))
	- did_rewrite \|=
	- cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
	+ if (!var_masq_from_before_canon)
	+ MASQUERADE_FROM();
	}
	}
	+
	+# undef MASQUERADE_FROM
	+
	if (did_rewrite) {
	vstring_truncate(header_buf, strlen(hdr_opts->name));
	vstring_strcat(header_buf, ": ");
	@@ -210,9 +219,17 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state,
	+ strlen(hdr_opts->name) + 1,
	var_token_limit);
	addr_list = tok822_grep(tree, TOK822_ADDR);
	+
	+# define MASQUERADE_RCPT() if (cleanup_masq_domains \
	+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT)) \
	+ did_rewrite \|= \
	+ cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
	+
	for (tpp = addr_list; *tpp; tpp++) {
	did_rewrite \|= cleanup_rewrite_tree(state->hdr_rewrite_context, *tpp);
	if (state->flags & CLEANUP_FLAG_MAP_OK) {
	+ if (var_masq_rcpt_before_canon)
	+ MASQUERADE_RCPT();
	if (cleanup_rcpt_canon_maps
	&& (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_HDR_RCPT))
	did_rewrite \|=
	@@ -223,12 +240,13 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state,
	did_rewrite \|=
	cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
	cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
	- if (cleanup_masq_domains
	- && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT))
	- did_rewrite \|=
	- cleanup_masquerade_tree(state, *tpp, cleanup_masq_domains);
	+ if (!var_masq_rcpt_before_canon)
	+ MASQUERADE_RCPT();
	}
	}
	+
	+# undef MASQUERADE_RCPT
	+
	if (did_rewrite) {
	vstring_truncate(header_buf, strlen(hdr_opts->name));
	vstring_strcat(header_buf, ": ");
	diff --git a/src/global/mail_params.h b/src/global/mail_params.h
	index 17546a3..3bc4eb3 100644
	--- a/src/global/mail_params.h
	+++ b/src/global/mail_params.h
	@@ -181,6 +181,14 @@ extern char *var_masq_exceptions;
	MASQ_CLASS_HDR_RCPT
	extern char *var_masq_classes;

	+#define VAR_MASQ_FROM_BEFORE_CANON "masquerade_from_before_canonical"
	+#define DEF_MASQ_FROM_BEFORE_CANON 0
	+extern bool var_masq_from_before_canon;
	+
	+#define VAR_MASQ_RCPT_BEFORE_CANON "masquerade_receipt_before_canonical"
	+#define DEF_MASQ_RCPT_BEFORE_CANON 0
	+extern bool var_masq_rcpt_before_canon;
	+
	/*
	* Intranet versus internet.
	*/