On Tue, Feb 04, 2025 at 08:17:08PM -0500, postfix--- via Postfix-users wrote:
> > If the intent is to only censor submission, This is not correct, it will
> > drop all "Received" headers from any mail that is not delivered locally,
> > so entirely unsuitable for relaying non-submission mail, risks mail
> > loops (the Received hop count is no longer effective), ...
>
> I see, I did not consider being a rely. I was coming from a place of my
> server only sends my email, and isn't a relay for other purposes.
>
> What would be the appropriate way to strip submission source IP's in case
> one were to add relaying?
> Or is waiting for the new `smtpd_hide_session_info` the only answer?
I have:
$ postconf -fP '*/inet/cleanup_service_name'
smtp/inet/cleanup_service_name = icleanup
$ postconf -Mf icleanup/unix
icleanup unix n - n - 0 cleanup
-o force_mime_input_conversion=no
$ postconf -Mf cleanup/unix
cleanup unix n - n - 0 cleanup
-o milter_macro_daemon_name=ORIGINATING
The latter (default) cleanup instance handles submission, and one can,
if desired, configure appropriate "header_checks" there:
# postconf -P \
cleanup/unix/header_checks='pcre:{{/^Received: from .*\n\t(by
$myhostname .*)/ REPLACE Received: $$1}}'
cleanup/unix/nested_header_checks=
cleanup/unix/mime_header_checks=
# postfix reload
[ Note the single '$myhostname' and double '$$1'.
When using a file-based PCRE table, rather than inline PCRE, the
hostname would have to be written verbatim, and "$$1" would be "$1" ]
Changes in master.cf require a reload to take effect.
The last two parameters are set explicitly empty, since they otherwise
default to the header_checks, and attached messages and MIME headers
should be left unmolested by censoring of submission origin IPs.
One can also place the definitions in main.cf, and configure master.cf by
reference:
# postconf -M \
'mua_header_checks = pcre:{{/^Received: from .*\n\t(by $myhostname .*)/
REPLACE Received: $$1}}' \
'mua_nested_header_checks =' \
'mua_mime_header_checks ='
# postconf -P \
'cleanup/unix/header_checks = $mua_header_checks' \
'cleanup/unix/nested_header_checks = $mua_nested_header_checks' \
'cleanup/unix/mime_header_checks = $mua_mime_header_checks'
# postfix reload
[ The single quotes are important to avoind the shell doing "$variable"
expansion. ]
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
