[BBLISA] sender-specific addresses

Theo Van Dinter felicity at kluge.net
Fri May 24 12:40:36 EDT 2013


When I moved my setup to Google Apps hosting several years ago, I had a
similar issue.  In addition, I used to have multiple users and multiple
domains set up via postfix's virtusertable, plus some aliases that work
across all domains, so even if I didn't have >30 aliases to set up per user,
there may be conflicts between domains (ie: foo at domain1 does not have the
same recipient as foo at domain2).  I ended up with a working solution for my
setup, it goes something like this:

   - the all-domain aliases (in my case theo@, tvd@, etc.) get set up as
   aliases.  most people only have a couple of these so it's fine.
   - I created a catch-all "alias" user (
   https://support.google.com/a/bin/answer.py?hl=en&answer=33962&topic=2784760&ctx=topic),
   who receives all of the mail to unknown addresses.  Then in that user
   account, I configure filters to forward mails as appropriate to other
   accounts.
   - For the alias filters, I have a couple of different types:
      - Matches: deliveredto:"@domain", Do this: Skip Inbox, Delete it.  For
      the domains where I don't want this sort of routing, just trash the mail.
      - Matches: deliveredto:"@domain", Do this: Skip Inbox, Forward to
      [user], Delete it.  For the domains where I want everything forwarded.
      - Matches: (deliveredto:"@domain"
      deliveredto:(username1|username2|...)), Do this: Skip Inbox, Apply label
      "forward-[user]", Forward to [user], Never send it to Spam.  Matches:
      (deliveredto:"@domain" deliveredto:(username3|username4|...)), Do this:
      Skip Inbox, Delete it.  Forward some usernames, blackhole others.  Anything
      else falls into the alias user's inbox.  I can decide whether to
      blackhole+delete, or add to the forward list and then use the gmail/gdata
      API to import the message into the recipient's gmail.
      - Matches: (deliveredto:"@domain"
      -deliveredto:(username1|username2|...)), Do this: Skip Inbox, Apply label
      "forward-[user]", Forward to [user], Never send it to Spam.  Matches:
      (deliveredto:"@domain" deliveredto:(username1|username2|...)), Do this:
      Skip Inbox, Delete it.  Forward most usernames but blackhole some.

It's not perfect -- sometimes the account gets so much mail that gmail
starts temp rejecting via rate limiting.  Spammers probably won't retry,
but legit senders will, so the mail will eventually get through.  I also
hit a bug where the account would receive mail so quickly that gmail
couldn't clear out the Trash, so eventually I hit the max mailbox size.  To
deal with that, I created a second alias account, did an export/import of
the filters (and had some complications w/ the forwarding filters), then
re-aimed the catchall there instead until the first account was quiet enough
to empty the Trash.  The bug got fixed, btw, so while I still have the two
alias accounts only the first one is really doing anything.

Alongside all this, I came to realize that source-addressing doesn't
really do me any good.  Sure, if I start receiving messages I don't want I
would be able to figure out where they got the address from ... but so
what?  If it's spam, the spam filtering is good enough that I probably
won't notice it.  If it's for filtering, I can likely filter on other
headers.  So I don't create these sorts of addresses anymore and I actively
try to unsubscribe/resubscribe w/ the primary address instead.  These days,
the alias inbox mostly just gets leftover ham trap mail from back when I
worked on SpamAssassin, where I do an unsubscribe+delete sweep every so
often.  My goal is that someday I can turn this catch-all stuff off and be
done with it, but to be honest it's been working fine so I stopped paying
attention a while ago.

Hope this helps. :)


On Fri, May 24, 2013 at 9:06 AM, Edward Ned Harvey (bblisa4) <
bblisa4 at nedharvey.com> wrote:

> > From: bblisa-bounces at bblisa.org [mailto:bblisa-bounces at bblisa.org] On
> > Behalf Of Tom Metro
> >
> > Edward Ned Harvey wrote:
> > > I use office365.  The standard user would just login to the admin
> > > interface, and add a new alias to their account.  I scripted mine to
> > > run through powershell instead.  So it's both very user friendly, and
> > > very automatable for geeks who care.  I could be mistaken, but I
> > > think the same thing is possible on google apps; albeit, differently
> > > implemented.
> >
> > Are you "screen scraping"?
>
> Not sure what you mean by that, but if it's anything like this:
>
> http://blogs.msdn.com/b/securitytipstalk/archive/2010/04/07/what-is-screen-scraping.aspx
> then the answer is no.    ;-)
>
>
> > There is no API, that I'm aware of, for creating an alias in Google
> > Apps, unless it is something that's part of their account migration
>
> I've never dug into the google API, but it exists.  I don't know if its
> capabilities cover anything like this.  I am told that basically everything
> you do to admin your domain, can be scripted.
>
> This is the only link that I know:
> https://developers.google.com/google-apps/admin-apis
>
> It might or might not shed any illumination.
>
> But as you said, if there's a 30 alias limit per user account, that's the
> *real* obstacle.  With or without API, that's fatal for anyone who cares
> about this.
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>
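
The four catch-all filter types listed in the message above, modelled as a routing decision on the Delivered-To header. This is an added example, not part of the original post and not Gmail's filter engine; the domains, usernames, forward targets and the `route`/`sample` names are constructed for illustration.

```python
from email import message_from_string

# Hypothetical policy table, one entry per domain behind the catch-all.
POLICIES = {
    # Type 1: trash everything for the domain.
    "dead.example": {"mode": "blackhole"},
    # Type 2: forward everything for the domain to one user.
    "fam.example": {"mode": "forward_all", "to": "alice"},
    # Type 3: forward listed usernames, blackhole others, rest stays in inbox.
    "old.example": {"mode": "listed", "to": "bob",
                    "forward": {"lists", "shop"}, "drop": {"promo"}},
    # Type 4: forward every username except the blackholed ones.
    "misc.example": {"mode": "all_but", "to": "carol", "drop": {"junk"}},
}

def route(raw_message):
    """Return (action, target) for a message that reached the alias account."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Delivered-To", []):
        # Addresses are compared case-insensitively.
        local, _, domain = value.strip().lower().rpartition("@")
        policy = POLICIES.get(domain)
        if policy is None:
            continue
        mode = policy["mode"]
        if mode == "blackhole":
            return ("delete", None)
        if mode == "forward_all":
            return ("forward", policy["to"])
        if local in policy["drop"]:
            return ("delete", None)
        if mode == "all_but" or local in policy["forward"]:
            return ("forward", policy["to"])
        # Type 3 with an unlisted username: left for manual review.
        return ("inbox", None)
    # No policy for any Delivered-To domain: stays in the alias inbox.
    return ("inbox", None)

def sample(addr):
    """Build a constructed test message delivered to addr."""
    return (f"Delivered-To: {addr}\nFrom: sender@remote.example\n"
            "Subject: test\n\nbody\n")
```

The difference between the third and fourth types is the default: an unlisted username waits in the alias inbox under the third, and is forwarded under the fourth.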