Trying to use different header_checks depending on TCP port for incoming mail

Sun, 05 Sep 2010 10:21:29 -0700 

I'm currently trying to figure out if it is possible to use different
header_checks for TCP ports 25 (mail from world) and 587 (mail submitted
by authenticated users). I tried the following without success:

  # cat /etc/postfix/master.cf
  smtp  inet  n  -  n  -  -  smtpd
   -o content_filter=amavis:[127.0.0.1]:10024
  submission  inet  n  -  n  -  -  smtpd
   -o content_filter=amavis:[127.0.0.1]:10124
   -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_sasl_type=dovecot
   -o smtpd_sasl_path=private/dovecot-auth
   -o smtpd_sasl_security_options=noanonymous
   -o header_checks=pcre:/etc/postfix/submission_header_checks
  [...]

  # postconf header_checks
  header_checks = pcre:/etc/postfix/header_checks

  # cat /etc/postfix/submission_header_checks
  /^Received: from server\.domain\.tld\b/ WARN GOTCHA-submission_header_checks

  # cat /etc/postfix/header_checks
  /^Received: from server\.domain\.tld\b/ WARN GOTCHA-header_checks

The mail log file reads:

  # cat /var/log/mail
  postfix/smtpd[14836]: connect from p57A8518F.dip.t-dialin.net[87.168.81.143]
  postfix/smtpd[14836]: setting up TLS connection from 
p57A8518F.dip.t-dialin.net[87.168.81.143]
  postfix/smtpd[14836]: Anonymous TLS connection established from
    p57A8518F.dip.t-dialin.net[87.168.81.143]: TLSv1 with cipher
    ADH-CAMELLIA256-SHA (256/256 bits)
  postfix/smtpd[14836]: 099013343B8: 
client=p57A8518F.dip.t-dialin.net[87.168.81.143],
    sasl_method=PLAIN, sasl_username=foobar
  postfix/cleanup[14841]: 099013343B8: warning: header Received: from
    server.domain.tld (p57A8518F.dip.t-dialin.net [87.168.81.143]) by
    seth.horus-it.com (Postfix) with ESMTPSA id 099013343B8??for
    <j...@somewhere.net>; Sun, 5 Sep 2010 18:57:51 +02 from
    p57A8518F.dip.t-dialin.net[87.168.81.143]; from=<r...@domain.tld>
    to=<j...@somewhere.net> proto=ESMTP helo=<server.domain.tld>:
    GOTCHA-header_checks
  postfix/cleanup[14841]: 099013343B8: warning: header Received: from
    server.domain.tld (localhost [127.0.0.1])??by server.domain.tld
    (Postfix) with ESMTPS id 44F1323A10??for <j...@somewhere.net>; Sun, 5
    Sep 2010 18:57:50 +0200 (CEST) from
    p57A8518F.dip.t-dialin.net[87.168.81.143]; from=<r...@domain.tld>
    to=<j...@somewhere.net> proto=ESMTP helo=<server.domain.tld>:
    GOTCHA-header_checks
  [...]

If I am not mistaken, this means that although the mail is arriving via
the submission port 587, /etc/postfix/header_checks matches? I was of
course aiming for /etc/postfix/submission_header_checks.

I've read http://www.postfix.org/FILTER_README.html (among other Postfix
documentation) because I wondered if content_filter influenced header_checks,
but I am none the wiser. Do I perhaps need a second cleanup service? I'd
be glad if someone pointed out what I am missing in my setup... Thank you!

-Ralph

Reply via email to