Tuesday, February 23, 2010

5. Postfix - Remote mail, Masquerading, Canonical Names & BCC Maps

Receiving Remote Mail:
 Configuring postfix to receive mail from address as "user@example.com"
    Until and unless we specify the following options the postfix server will not be able to accept the mail for the given domain.
# vim /etc/postfix/main.cf
mydomains = example.com
mydestination = $myhostname, $mydomain, localhost.localdomain
relay_domains = $mydestination
# postfix reload
    The "mydestination" derivative tells postfix that for which domains it receives the mail for. With out the domain information entry in all the three derivatives the postfix will not be able to handle the msgs destined to the domain example.com. With out this entry the postfix will bounce back the msg to the client saying the "msg loop back to my self" error.

Rewriting the Envelops and Headers In Postfix.

Defining outbound Envelop in postfix:
    When we compose and send a msg the envelop and header will reveal the senders FQDN to which we can reply to and the hops (IP address) information respectively.
Masquerading the msg:
# vim /etc/postfix/main.cf
mydomain = example.com
myorigin = $mydomain
    "myorigin" header sets the postfix to appear the msgs to be send from the domain example.com
    "Sendmail calls it masquerading and postfix calls it as myorigin"

Canonical Maps:
    In addition to the "myorigin" changes or rewrites the envelop and headers, the postfix can also perform the other hosts envelop and header rewriting based on the maps defined. Before the cleanup daemon stores inbound mail into the incoming queue, it uses the canonical table to rewrite all addresses in message envelopes and in message headers, local or remote. The mapping is useful to replace login names by Firstname.Lastname style addresses, or to clean up invalid domains in mail addresses produced by legacy mail systems. In very simple words we can change the senders from address. Canonical mapping is disabled by default. To enable, edit the canonical_maps parameter in the main.cf file and specify one or more lookup tables, separated by white space or commas. These maps are defined in two columns in a file and converted in to Berkly database.

Canonical maps can be defined in 3 ways.
    1. canonical_maps - rewrites the sender and recipient address
    2. sender_canonical_maps - rewrites the sender address
    3. recipient_canonical_maps - rewrites the recipient address
1. canonical_maps
For Example:-
# vim /etc/postfix/main.cf
canonical_maps = hash:/etc/postfix/canonical
# vim /etc/postfix/canonical
# Left side                        Right Side
# address that would like to rewrite        New Address
kiran        kiranjith.tg

# postmap canonical
    Postmap will convert the canonical file into db file.
# postfix reload
    Reloads the postfix service with new configuration.
Now In order to test the settings send a mail to user kiran being the same user that defined in the canonical map file.
# su - kiran
$ sendmail -v root

Subject:Testing the canonical maps
Now check the log and check the mail as logging as root
# tail -f /var/log/maillog
$ mutt
    Being the user Kiran check the header of the mail now. "mutt" is a CLI based mail client in which we can verify the address. We could be able to see that the envelop, both the recipient and sender has been rewritten to the information that stored in the canonical map file. Here in this scenario the mail will appear to be generated from kiranjith.tg@example.com
    If the user kiran tries to send the mail to himself in above example the mail envelop will be rewritten with respect to the canonical map defined. So in this case better to have the virtual aliases setup to get these kind of msgs delivered to user. Below example will tell how to have a work around for this issue.

2. sender_canonical_maps:
Rewriting the sender address using sender_canonical_map derivative.
    Sender canonical map only changes the senders address and it leaves the Recipient portion of the envelop untouched in case of user sending the mail to the same user or if a match found in the map file.
# vim /etc/postfix/main.cf
sender_canonical_maps = hash:/etc/postfix/canonical
# vim /etc/postfix/canonical
# Left side                        Right Side
# address that would like to rewrite        New Address
kiran        kiranjith.tg
    Same map file that used for above example can be used in this example also
# postmap canonical
    Creates the canonical db file.
# postfix reload
    Reload the service with new configuration.
        Now test the settings by sending the mail and check the headers. Here we could see that the recipient part is untouched

3. recipient_canonical_maps:
    As we discussed above this derivative will only change the recipient address in case of sending the mail to same or remote user and if the match is done in the canonical map file. Test this derivative by following the above example. Same map file can be used here as well.

Blind Carbon Copy (BCC) maps.
        This feature makes mails to be automatically BCC to defined recipients.

Using Global Method.
# vim /etc/mail/postfix
always_bcc = username
# postfix reload
# postconf  |grep always_bcc
    Now in this scenario all the mails in the system will be send as BCC to the user "username" globally. This scenario typically follows in certain corporates where all the mailing activities should be logged, such as banking industry.
"Test sending a mail by any user. and u should receive a mail BCC to the user "username"".

Using sender_bcc:
    This feature is used to always bcc the mails that comes from a perticular user(sender).
# vim /etc/mail/postfix
sender_bcc_maps = hash:/etc/postfix/sender_bcc
# vim /etc/postfix/sender_bcc
 # the sender     (tab) To whom the bcc recipient mail to go
    user                    monitoring.user
# postmap sender_bcc
    Berkley database Library and devel packages are needed to run this postmap utility. Ensure these package are installed or download and install the latest version from the sleepycat website.
# postfix reload
# postconf |grep sender_bcc
# ps -ef |grep master
    Any mails that send by the user "user" will be automatically BCC to the user "monitoring.user"

Using recipient_bcc:
    This process is just the opposite of the sender_bcc process. Here any mails that came to the given user will be BCC to the defined used in the recipient_bcc map database.