From estartu at augusta.de Mon Aug 6 08:15:57 2018 From: estartu at augusta.de (Gerhard Schmidt) Date: Mon, 6 Aug 2018 14:15:57 +0200 Subject: [Pymilter] use py-milter to change the routing of a Mail Message-ID: <2c153b42-fed1-d27d-b340-71dd0537741f@augusta.de> HI, I'm hosting a webapp that sends mails under many different domains. Some of these domains starting to use spf records to limit who can send mails under these domains. I can send mails from these domains via these mailservers but there is no mailserver that can send mails for all domains. I tried to find a way to do this via sendmail but didn't find a way to select specific Smart-Host based on the sender domain. Is there a way to solve this problem with py-milter. Reading the documentation i didn't find a way to influence the routing in sendmail via py-milter, but maybe I'm missed something. Regards Estartu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From stuart at gathman.org Mon Aug 6 09:44:45 2018 From: stuart at gathman.org (Stuart Gathman) Date: Mon, 6 Aug 2018 09:44:45 -0400 Subject: [Pymilter] use py-milter to change the routing of a Mail In-Reply-To: <2c153b42-fed1-d27d-b340-71dd0537741f@augusta.de> References: <2c153b42-fed1-d27d-b340-71dd0537741f@augusta.de> Message-ID: <4fdea624-4a54-d15d-2487-616645dce55f@gathman.org> Sendmail routing is controlled by mailertable.db (and SMTP AUTH passwords are stored in authinfo.db), and mailertable.db can be updated without restarting sendmail.? In most distros,? mailertable.db is writable only by root - but one solution is to make it writable by your milter.? I am assuming that you have a huge database of clients, with authorized MTA configured for each client - and therefore cannot easily use the mailertable and authinfo tables for sendmail as a static configuration. I believe you are correct in that I am not aware of any milter api substitute for mailertable/authinfo.? You could also update mailertable.db/authinfo.db whenever you update the corresponding record in your client database, but you probably have many MTAs, and therefore want to do it only when actually sending an email for a client.? Hence, doing it from milter is the optimum time to do it. On 08/06/2018 08:15 AM, Gerhard Schmidt wrote: > I'm hosting a webapp that sends mails under many different domains. Some > of these domains starting to use spf records to limit who can send mails > under these domains. > > I can send mails from these domains via these mailservers but there is > no mailserver that can send mails for all domains. I tried to find a way > to do this via sendmail but didn't find a way to select specific > Smart-Host based on the sender domain. Is there a way to solve this > problem with py-milter. > > Reading the documentation i didn't find a way to influence the routing > in sendmail via py-milter, but maybe I'm missed something. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From estartu at augusta.de Mon Aug 6 10:03:19 2018 From: estartu at augusta.de (Gerhard Schmidt) Date: Mon, 6 Aug 2018 16:03:19 +0200 Subject: [Pymilter] use py-milter to change the routing of a Mail In-Reply-To: <4fdea624-4a54-d15d-2487-616645dce55f@gathman.org> References: <2c153b42-fed1-d27d-b340-71dd0537741f@augusta.de> <4fdea624-4a54-d15d-2487-616645dce55f@gathman.org> Message-ID: Am 06.08.2018 um 15:44 schrieb Stuart Gathman: > Sendmail routing is controlled by mailertable.db (and SMTP AUTH > passwords are stored in authinfo.db), and mailertable.db can be updated > without restarting sendmail.? In most distros,? mailertable.db is > writable only by root - but one solution is to make it writable by your > milter.? I am assuming that you have a huge database of clients, with > authorized MTA configured for each client - and therefore cannot easily > use the mailertable and authinfo tables for sendmail as a static > configuration. > > I believe you are correct in that I am not aware of any milter api > substitute for mailertable/authinfo.? You could also update > mailertable.db/authinfo.db whenever you update the corresponding record > in your client database, but you probably have many MTAs, and therefore > want to do it only when actually sending an email for a client.? Hence, > doing it from milter is the optimum time to do it. Mailertable is for routing based on to: not on from: I'm trying to send a mail with a from: uuuu at xyz.com to the smarthost that is allowd to send @xyz.com mails regardless of the destination (to:) address. mails from vvvv at zyx.com will be routed over an different mailserver that is allowed to send mails for @zyx.com regardless about the destination of the Mail and so on. Regards Estartu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From stuart at gathman.org Mon Aug 6 13:46:46 2018 From: stuart at gathman.org (Stuart Gathman) Date: Mon, 6 Aug 2018 13:46:46 -0400 Subject: [Pymilter] use py-milter to change the routing of a Mail In-Reply-To: References: <2c153b42-fed1-d27d-b340-71dd0537741f@augusta.de> <4fdea624-4a54-d15d-2487-616645dce55f@gathman.org> Message-ID: On 08/06/2018 10:03 AM, Gerhard Schmidt wrote: > Mailertable is for routing based on to: not on from: > > I'm trying to send a mail with a from: uuuu at xyz.com to the smarthost > that is allowd to send @xyz.com mails regardless of the destination > (to:) address. mails from vvvv at zyx.com will be routed over an different > mailserver that is allowed to send mails for @zyx.com regardless about > the destination of the Mail and so on. Make sure you have reviewed http://www.openspf.org/Best_Practices/Email_Service_Provider Ok, I actually do routing based on MAIL FROM - but by using smtplib and sending it from the milter.? Any timeouts are reported back as 4xx.? This doesn't let sendmail queue any failures, however.? My applications route to various internal MTAs - which does not annoy any clients. You can use pysrs to rewrite MAIL FROM with your own MAIL FROM, and encoding your clients MAIL FROM with a timestamped signature in localpart.? Although why your clients would want to get any bounces (DSNs) for emails they did not generate is beyond me.??? https://github.com/sdgathman/pysrs If your client is willing to give you a password on their MTA, they can add your MTA to their sender policy.? Maybe we need to talk about what your ultimate goal is.? As best I can guess, you will be generating emails for your clients, but sending them via their own MTA.? Normally, the reason for outsourcing sending the email is to *avoid* using their own MTA.? Using the clients MTA to send the emails defeats the whole purpose of hiring you to do the sending! Assuming your clients really do want you to use their own MTAs to send outsourced emails (and have to deal with DSNs from emails you generate), you will need a socket map.? Again, I do NOT recommend what you seem to think you want to do. Changing the routing in sendmail must be done in the CF configuration (refer to the CF code for the mailertable feature) - similar to how pysrs handles changing MAIL FROM (for multiple destinations - chgfrom in the milter api affects all destinations).? You will have a socket map that sendmail consults to obtain the routing instead of mailertable.db and authinfo.db, and your python socket server will respond with the routing.?? The pysrs package can? be your starting point, showing you how to connect sendmail CF to a python socket map server. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: