Force "detour" routing of hosted users (aliasdetourhost, aliasoptindetourhost)

The (new in iMS 5.2p2, and MS 6.1) aliasdetourhost channel option allows source-channel-specific overriding of hosted users' mailHost attribute value. In particular, aliasdetourhost is commonly used to achieve a "detour" in the routing of messages destined for local (hosted on this system) users. It allows better configuration and use of "intermediate filtering" sorts of channels and third party filtering hosts.

The aliasdetourhost channel option takes a single host/domain name as an argument. When specified on a source channel, this channel option causes alias expansion of addresses stored in LDAP to stop (short-circuit) just prior to the point where mailHost (more precisely, the attribute named by the ldap_mailhost MTA option) information is checked. The host specified by the aliasdetourhost channel option is used as the (assumed to be non-local) mailHost. That is, a source route containing the specified host is added to the address (just as if a non-local mailHost had been found) and processing continues onward from that point. Note that in particular, this forced use of the aliasdetourhost specified host as a non-local mailHost stops further expansion of the alias for purposes of things such as application of user forwarding and Sieve filter application (which normally would occur subsequently during alias expansion when a user's real mailHost is this MTA).

Thus use of aliasdetourhost on an incoming channel lets the MTA do address validation (check that an incoming address corresponds to a valid user entry), while "delaying" complete expansion and processing (in particular, forwarding and Sieve evaluation) of the valid local recipient addresses. This combination of effects is potentially very useful.

A typical application of this channel option is for purposes of "detouring" messages through a special channel or host, most often for purposes of spam/virus filtering. It is often used in conjunction with use of an "alternate" conversion channel for such "detour" purposes, where the "alternate" conversion channel approach is used to handle cases of non-local recipient addresses, while aliasdetourhost is used to handle cases of local-to-this-mailHost recipient addresses. (Use of an "alternate" conversion channel approach for a routing "detour" on local-to-this-mailHost recipient addresses incurs various problems, in particular in the areas of forwarding and Sieve filter evaluation timing. It is desirable to delay Sieve filter evaluation until after the "detour" - for instance, so that Sieve filters can look for headers added by the "detour" host. It is also desirable to delay application of user forwarding until after the "detour", to avoid potential duplication of the forwarding. Such a delay in the final parts of user alias expansion is exactly what aliasdetourhost can be used to achieve.)

The (new in MS 6.2p4) aliasoptindetourhost option has the same function as aliasdetourhost, except that it only applies for users in LDAP who have "opted-in" via whatever user attribute is named by the ldap_detourhost_optin MTA option, or whatever domain attribute is named by the ldap_domain_attr_detourhostoptin MTA option. The argument of the aliasoptindetourhost channel option specifies a list of detour hosts separated by commas. The value(s) of the optin attribute are compared with the list; the first match will be used as the "override" mailHost for any users who are "opted-in". However, any attribute that doesn't contain at least one period (which would be necessary to match a legitimate mail host) is treated as an effective wildcard; the first host from the list will be used in this case.

Finally, if the option value matches the special value specified by the aliasdetourhost_null_optin MTA option, it will simply be ignored. This mechanism is provided to accommodate provisioning systems that insist on every known attribute having a value. Omitting the attribute value entirely is the preferred method for disabling detour processing, however.
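The following added example (not Messaging Server code, and not part of the original documentation) models the opt-in matching rules described above so that provisioned attribute values can be checked before deployment. The function names, host names and sample entries are constructed; it assumes case-insensitive host comparison, an exact match against the aliasdetourhost_null_optin value, and that a value containing a period but matching no listed host results in no detour.

```python
# Illustrative model of the aliasoptindetourhost matching rules.
# Not Messaging Server code; all names and sample values are constructed.

def select_detour_host(optin_values, detour_hosts, null_optin=None):
    """Return the override mailHost for a user, or None for no detour.

    optin_values : values of the user's (or domain's) opt-in attribute
    detour_hosts : the comma-separated aliasoptindetourhost argument
    null_optin   : the aliasdetourhost_null_optin value, if one is set
    """
    hosts = [h.strip() for h in detour_hosts.split(",") if h.strip()]
    if not hosts:
        return None
    for value in optin_values:
        value = value.strip()
        if null_optin is not None and value == null_optin:
            continue                  # placeholder value: ignored
        if "." not in value:
            return hosts[0]           # no period: effective wildcard
        for host in hosts:
            if value.lower() == host.lower():  # assumption: case-insensitive
                return host
    return None                       # omitted or unmatched (assumption)

def audit(entries, detour_hosts, null_optin=None):
    """Map each uid to its selected detour host (None means no detour)."""
    return {uid: select_detour_host(vals, detour_hosts, null_optin)
            for uid, vals in entries.items()}

# Constructed sample entries: uid -> opt-in attribute values
SAMPLE = {
    "alice": ["filter2.example.com"],  # matches the second listed host
    "bob":   ["no"],                   # no period: wildcard, still detoured
    "carol": ["NONE"],                 # equals null_optin: ignored
    "dave":  ["filter3.example.com"],  # unlisted host: no detour
    "erin":  [],                       # attribute omitted: no detour
}
HOSTS = "filter1.example.com,filter2.example.com"

if __name__ == "__main__":
    for uid, host in audit(SAMPLE, HOSTS, null_optin="NONE").items():
        print(f"{uid:6} -> {host or 'no detour'}")
```

Note the two cases worth auditing in real directory data: a value such as "no" opts the user in because it contains no period, and a mistyped host name silently leaves the user outside the filtering detour.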

One disadvantage of using aliasoptindetourhost is that all alias expansion is deferred, including expansions that result in mail being discarded. This can lead to messages sent to the bitbucket wasting processing resources.

One way to work around this problem is to use a $* rewrite rule and an associated mapping to direct such addresses to the bitbucket channel, bypassing any use of aliasdetourhost. For example:

$*              $E$F${bitbucket_check,$U$@$H}

BITBUCKET_CHECK     $Y$$U%$$H@bitbucket-daemon  $Y$$U%$$H@bitbucket-daemon

This will cause any mail sent to and to be discarded before any other lookups or redirection.

