When email is received with badly formed From/To headers:
it is rewritten the following way:
From: an evil firstname.lastname@example.org
which is very confusing for the person receiving such email.
From: an@$mydomain, evil@$mydomain, email@example.com
Zimbra default setting for postfix headers rewrite seems very reasonable and should not allow this:
The problem is that this setting does not work!
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
When incoming email scanned with amavis it gets reinjected to postfix from 127.0.0.1 source address, which falls under permit_mynetworks criterium.
As a workaround I completely disabled From/To headers rewrite:
Is there any more elegant way to resolve this issue?
Is it a bug?
PS: Zimbra version - ZCS 6.0.5 open source