Yeah, ... trying to find as reasonably simple to implement as feasible solution, that, within reason, will give something hopefully at least less broken than the current situation.
What almost looks somewhat promising, -f option to exim4 (relatively similar to sendmail) ... " -f <address> Allowing untrusted users to change the sender address does not of itself make it possible to send anonymous mail. Exim still checks that the From: header refers to the local user, and if it does not, it adds a Sender: header " ... but that may possibly cause other breakage ... e.g. DKIM, etc.? Might be other ways to process, munge, and resend/reinject the email, perhaps with less (to zero?) breakage ... but I'm still hoping for as simple as feasible. :-)
From: "Rick Moen" rick@linuxmafia.com Subject: Re: [BALUG-Talk] Recommendations for email resender/"forwarder"? (infrastructure: Debian oldstable amd64, MTA exim4) Date: Sat, 12 Aug 2017 08:02:59 -0700
Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
So, ... I'm looking for recommendations.
The basic context:
using /etc/aliases (or equivalent) to simply and directly forward/alias email out onto The Internet at large, is in general a bad idea (particularly in the days of spam, and anti-spam, etc., among other factors).
Our existing old hosting on DreamHost.com uses a fair bit of that. 8-O Need to migrate that functionality off of DreamHost.com. I'm looking for a way to make that migration that at least partially fixes the issues with such overly simplistic aliases. Notably such "aliased"/forwarded email ought be sent out with appropriate Sender: or similar header(s) (Resent-From: ?) and envelope FROM showing (re)origination from domain of the forwarding host (@balug.org or subdomain thereof).
At the risk of being useless in this matter: I got nuttin'. In hopes this will render my comment more usefuL: Basically the only thing I've ever found that is a functionally superior alternative to overly complex /etc/aliases tables is MLMs (mailing list managers).
On the minus side, those are a bit of overkill. On the plus side, they don't screw up envelope headers the way use of /etc/aliases or ~/.forward for redirecting mail intersystem does.
What do I do? I use /etc/aliases freely for redirecting mail intra-system, and with reservations to a _minor_ extent for redirecting mail cross-system. The latter are mostly legacy, old entries from the days before the spam war escalated to the insane extent it's reached currently. So, for example, around 1998 I set up an entry in /etc/aliases so that 'don@linuxmafia.com' reaches Don Marti -- but in 2017 any mail actually transiting that alias is likely to arrive looking pretty spammy to receiving MTAs.
I seriously doubt you're going to find a credible middle option. However, if you find one, I'm going to be fascinated to hear about it.