On Fri, Jul 02, 2010 at 11:13:55AM +0400, Alexander Moisseev wrote:
> If you don't want to use submission, you may remove headers only 
> for your local networks (but it may affect some incoming mail):
> /^Received:.*192\.168\.0\..*/ IGNORE
> /^Received:.*192\.168\.10\..*/ IGNORE
> /^Received:.*192\.168\.252\..*/ IGNORE

This block (which could be consolidated into a single expression 
using a "|" OR operator) would also remove spammer-added headers 
which happen to have those IP addresses. Also, it could affect 
legitimate headers from other sites.

> Also you may only replace IP in headers:
> #/^X-Original-To: .+@(domain1|domain2|domain3)\.tld$/        DUNNO
> # uncomment the line above if you want to keep IPs for local mail
> /^(Received: from ).*\[192\.168\..+\..+\]\)(.*)/ REPLACE ${1}localhost ([127.0.0.1] (may be forged by MTA))${2}

This block seems to display ignorance of the header_checks(5) 
mechanics. "DUNNO" is pointless, and ALL listed header checks are 
evaluated against each [logical] header line. Something similar to 
what's intended might be done with an if...endif construct, but it 
would be limited to acting upon a single header.

> P.S. Hiding the sender IP makes troubleshooting of malware
> incidents and so on more difficult.

Absolutely. Received: headers are your friend.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

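The following is an added example, not part of the thread and not Postfix code. It is a small Python model of the header_checks(5) behaviour discussed above: each logical header is matched on its own, so the merged IGNORE rule also drops a header that an upstream sender supplied, and the DUNNO rule on X-Original-To has no effect on how Received: headers are rewritten. The sample headers, host names and addresses are constructed, and the patterns are the thread's, translated to Python regex syntax.

```python
import re

# Tables from the thread, translated to Python regex syntax (added example).
# The three IGNORE rules are merged with "|" as the reply suggests.
IGNORE_TABLE = [
    (r"^Received:.*192\.168\.(0|10|252)\..*", "IGNORE", None),
]
REPLACE_TABLE = [
    (r"^X-Original-To: .+@(domain1|domain2|domain3)\.tld$", "DUNNO", None),
    (r"^(Received: from ).*\[192\.168\..+\..+\]\)(.*)", "REPLACE",
     r"\g<1>localhost ([127.0.0.1] (may be forged by MTA))\g<2>"),
]

def apply_checks(table, headers):
    """Model header_checks(5): each logical header is tested on its own,
    the first matching rule decides, and the action touches only that header."""
    out = []
    for header in headers:
        for pattern, action, text in table:
            # Postfix regexp/pcre tables are case-insensitive by default.
            m = re.search(pattern, header, re.IGNORECASE)
            if not m:
                continue
            if action == "IGNORE":
                header = None              # drop this header only
            elif action == "REPLACE":
                header = m.expand(text)    # replace this whole header only
            break                          # DUNNO: stop lookup, header unchanged
        if header is not None:
            out.append(header)
    return out

# Constructed sample headers (hypothetical hosts and addresses).
SAMPLE = [
    "Received: from mx.example.net (mx.example.net [203.0.113.7]) by mail.example.org (Postfix)",
    "Received: from pc17 (unknown [192.168.10.23]) by mail.example.org (Postfix)",
    "Received: from forged (forged [192.168.0.9]) by relay.invalid",  # supplied upstream
    "X-Original-To: user@domain1.tld",
    "Subject: test",
]

if __name__ == "__main__":
    for name, table in (("IGNORE", IGNORE_TABLE), ("REPLACE", REPLACE_TABLE)):
        print(f"--- {name} table ---")
        print("\n".join(apply_checks(table, SAMPLE)))
```
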