So the company I’m working for requires some agents from our partner to be able to send email on our behalf, using our domain, from their site.
We can give them access to our Office365 smtp server but then we need to deal with authenticating them without giving them too much access, and currently there’s no way we can limit Microsoft’s smtp server to limit access from their network. Another option is to allow them to pretend to be us, masking the FROM address with email with our domain. But that poses different set of problem altogether, such as email sent from their smtp server, with our domain on the from being categorized as spam since they lack the proper DNS and PTR records.
What we can do is to provide a new SMTP server, specifically tailored for this specific function, which is sending email from specific address, with specific subject, and from specific network.
This time, I’m using a Postfix+Dovecot install on top of Ubuntu 14.04 server. Authentication and encryption will be covered by providing TLS and AUTH PLAIN. I’m not gonna go on detail on how to do Postfix+TLS+AUTH, since there are plenty enough tutorial on the internet on how to properly do that. Google is your friend… or frenemy these days… I don’t know :D. Anyway, Iptables should be sufficient for the network filtering part.
Now, for sender address and e-mail subject manipulation, what you need to do first is add a line on /etc/postfix/main.cf
smtp_header_checks = regexp:/etc/postfix/header_checks
The line will demand postfix to perform e-mail header modification in accordance to a couple of regex line jotted on /etc/postfix/header_checks. Mine looks like this:
/^From:[[:space:]]+(.*)/ REPLACE From: M5 PO Sender <firstname.lastname@example.org> /^Subject:[[:space:]]+(.*)/ REPLACE Subject: Please process PO
The first line will replace the original sender address with “M5 PO Sender <email@example.com>” and the second line will replace the subject with “Please process PO”
What we need to do next is to reload Postfix so it will read the new configuration
sudo /etc/init.d/postfix reload
Next, you can test it using simple telnet or e-mail clients such as Outlook. I have tailored a video to demonstrate them: