Design: sender-dependent default_transport

From: Wietse Venema (no email)
Date: Sat Nov 21 2009 - 21:11:06 EST

  • Next message: Russell Jones: "Time a message is queued until a warning email is sent"

    Recently there have been requests for sending mail with source IP
    addresses that depend on the envelope sender. Sometimes the request
    appeared to be related to showshoe spamming, and sometimes it
    appeared to be a legitimate attempt to protect IP-based domain
    reputations of different customers.

    Current solution
    The current solution that Postfix offers is to use multiple instances:
    one back-end instance per source IP address, and one front-end
    instance that uses sender_dependent_relayhost_maps to choose the
    right back-end instance. That is a "heavy" solution, even though
    Postfix 2.6 multi-instance support hides most of the complexity.

    Past solutions
    Attempts to modify existing features for this job make Postfix
    harder to explain, or have negative performance impact for content
    inspection as with a recent proposal to change the meaning of a
    FILTER actions with an empty destination (this would replace FIFO
    selection by domain-based round-robin selection).

    Going back in time, the old Postfix sender_dependent_routing feature
    was withdrawn a few years ago because it replaced ALL mail routing
    decisions by sender-based routing. That broke deliveries to local
    recipients, and was therefore not good for a general-purpose MTA.

    A promising solution
    The solution is not to make ALL routing decisions dependent on the
    sender address, but ONLY the routing decisions for mail that leaves
    the machine.

    A sender-dependent default_transport would change the meaning of
    default_transport (namely, giving default_transport a lower precedence
    than sender_dependent_default_transport_maps) and introduces a few
    new parameters.

    (It looks like a sender-dependent default_transport would do the
    job. It does not seem to make sense to make relay_transport also
    sender-dependent, because relay_transport is supposed to be used
    only for domains Postfix is MX host for.)

    The draft design looks like this:

    default_transport (default: smtp)
           The default mail delivery transport and next-hop destination for desti-
           nations that do not match $mydestination, $inet_interfaces,
           $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, or
           $relay_domains. In order of decreasing precedence, the nexthop desti-
           nation is taken from $default_transport, $sender_dependent_relay-
           host_maps, $relayhost, or from the recipient domain. This information
           can be overruled with the sender_dependent_default_transport_maps
           parameter and with the transport(5) table.

           Specify a string of the form transport:nexthop, where transport is the
           name of a mail delivery transport defined in The :nexthop
           part is optional. For more details see the transport(5) manual page.


           default_transport = uucp:relayhostname

    sender_dependent_default_transport_maps (default: empty)
           A sender-dependent override for the global default_transport parameter
           setting. The tables are searched by the envelope sender address and
           @domain. A lookup result of DUNNO terminates the search without over-
           riding the global default_transport parameter setting. This informa-
           tion is overruled with the transport(5) table.

           For safety reasons, this feature does not allow $number substitutions
           in regular expression maps.

           This feature is available in Postfix 2.7 and later.

    empty_address_default_transport_maps_lookup_key (default: <>)
           The sender_dependent_default_transport_maps search string that will be
           used instead of the null sender address.

           This feature is available in Postfix 2.7 and later.

    address_verify_sender_dependent_default_transport_maps (default: empty)
           Overrides the sender_dependent_default_transport_maps parameter setting
           for address verification probes.

           This feature is available in Postfix 2.7 and later.

    A first stab at some code looks promising. I'll run tests as time
    is available, but I am currently busy with reviewing research
    proposals, and that will take most cycles until early December.


  • Next message: Russell Jones: "Time a message is queued until a warning email is sent"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD