DevHeads.net

Mail routing depending on subject or body

Hello,

we will install an mail encryption appliance (totemo) in our organization.

I have to configure Postfix (2.6.6) to route the emails to this appliance if certain conditions apply:

For outbound mail:
RULE 1. If the subject contains the string "#secure"
This indicates that the mail has to be encrypted and that it has to be passed to the ip-address of the encryption appliance.
The appliance will encrypt the mail, remove the string from the subject and pass it back to the mx-er.

For inbound mail:
RULE 2. If the mail body contains any of the following strings that indicate the email is encrypted and has to be decrypted:
Content-Type: includes "application/pkcs7-mime" oder "application/x-pkcs7-mime"
Content-Type: includes "multipart/signed" sowie "application/pkcs7-signature" oder "application/x-pkcs7-signature"
Content-Type: includes "application/octet-stream" und "p7m", "p7s" oder "p7c" im Dateinamen
This indicates that the mail has to be decrypted and that it has to be passed to the ip-address of the encryption appliance.
The appliance will decrypt the email and pass it back to the mx-er.

If I cannot distinguish between outbound and inbound mail after RULE 1, the mail body will indicate that the mail is encrypted and RULE 2 will apply. This has to be avoided.

I have tried header_checks:

/^subject:.*#secure.*/i FILTER smtp:ip-addr

But this solves my problem only partially, because encryption RULE 2 would apply.

I'd be glad about any hint or idea how to solve this redirection problem.

Thank you and kind regards,
Uri

Comments

Re: Mail routing depending on subject or body

By Noel Jones at 10/12/2017 - 11:37

On 10/12/2017 8:47 AM, Liebeskind Uri (luri) wrote:

Use mime_header_checks to filter messages based on content-type headers.

To prevent loops, use multiple postfix instances:
- All mail enters postfix "main" postfix instance.
- "main" instance delivers to either crypto appliance or final
destination based on FILTER criteria
- crypto device processes mail and delivers it to the "post-crypto"
postfix instance.
- No filtering configured on post-crypto postfix instance
- post-crypto postfix instance delivers mail either to internal
mailbox or external destination.

<a href="http://www.postfix.org/postconf.5.html#mime_header_checks" title="http://www.postfix.org/postconf.5.html#mime_header_checks">http://www.postfix.org/postconf.5.html#mime_header_checks</a>
<a href="http://www.postfix.org/header_checks.5.html" title="http://www.postfix.org/header_checks.5.html">http://www.postfix.org/header_checks.5.html</a>
<a href="http://www.postfix.org/MULTI_INSTANCE_README.html" title="http://www.postfix.org/MULTI_INSTANCE_README.html">http://www.postfix.org/MULTI_INSTANCE_README.html</a>

-- Noel Jones