I'm using Postfix 2.3.3 (from CentOS 5.5) and am trying to rewrite the initial Received: header on messages for which the sender is SMTP AUTH'd already (due to the original IP in the headers causing spam scanners to give bad scores to legitimate messages). A bit of searching had turned up this message in a perfectly relevant thread from not long ago:
http://archives.neohapsis.com/archives/postfix/2009-03/0331.html

However, the problem I'm having is that the Received: header is still not being rewritten. If I move the test to "further along" then it's seen, but then the rewrite would be tripped (or at least checked) on many more messages than we need or desire.

*) When is the Received: line actually written to the message? If it's after cleanup runs, then this is moot and I will have to figure a different way of doing things (I have an idea already [1])

*) If the Received: header is written either before smtpd->cleanup or before header_checks would run, then why isn't this finding it?

The workflow in this case:
Port 587 smtpd -> separate cleanup instance -> separate amavisd-new instance (port 10026) -> internal delivery queue (port 10025)

Normal messages:
port 25 smtpd -> standard cleanup -> amavisd-new (port 10024) -> internal delivery queue (port 10025)

relevant master.cf bits (using port 20000 instead of 587 for testing right now, so the submission port is unaffected by tests):

20000     inet  n       -       n       -       -       smtpd
    -o cleanup_service_name=cleanup_submission
    -o smtpd_proxy_filter=127.0.0.1:10026
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_etrn_restrictions=reject
    -o smtpd_enforce_tls=yes
    -o smtpd_sasl_auth_enable=yes
cleanup_submission unix n       -       n       -       0       cleanup
    -o header_checks=pcre:/etc/postfix/received_mask

received_mask:

/^Received: from (.*)(\(using TLS.*)by mail\.astro\.princeton\.edu \(Postfix\) (.*)/
    REPLACE X-Submitted: to mail.astro.princeton.edu $2 $3

Example header:

Received: from xanadu.astro.princeton.edu (xanadu.astro.Princeton.EDU [128.112.24.13])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    (Authenticated sender: huston)
    by mail.astro.princeton.edu (Postfix) with ESMTP
    for <hus...@srhuston.net>; Thu, 9 Sep 2010 12:37:31 -0400 (EDT)

1: The idea, if the header is written too late for what I want to do, is to split off a new "internal queue"; have the submission-only-amavisd instance pass to port 10027 or whatever, and run the header_check there. Would still limit the check and rewrites to only mails that come in via AUTH'd users, which is the end goal.

-- 
Steve Huston - W2SRH - Unix Sysadmin, Dept. of Astrophysical Sciences
  Princeton University  |    ICBM Address: 40.346525 -74.651285
    206 Peyton Hall     |"On my ship, the Rocinante, wheeling through
  Princeton, NJ 08544   | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery." -Rush, 'Cygnus X-1'
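
An offline check of the received_mask rule against the example header from the message above, added here as an example and not part of the original post. It assumes Python's re behaves like PCRE for this pattern and that the header is folded as shown; the second Received: header and the Subject: line are constructed test input.

```python
import re

# Rule copied from received_mask on the page.
PATTERN = (r"^Received: from (.*)(\(using TLS.*)"
           r"by mail\.astro\.princeton\.edu \(Postfix\) (.*)")
REPLACEMENT = "X-Submitted: to mail.astro.princeton.edu $2 $3"

# Postfix pcre tables default to case-insensitive matching with "." also
# matching newlines. Python's re stands in for PCRE here (assumption: the
# two engines agree on this pattern).
FLAGS = re.IGNORECASE | re.DOTALL

# Constructed input: the example header from the page, folded at assumed
# positions, plus a constructed header from an unauthenticated port 25 hop.
SAMPLE_BLOCK = (
    "Received: from xanadu.astro.princeton.edu"
    " (xanadu.astro.Princeton.EDU [128.112.24.13])\n"
    "\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))\n"
    "\t(No client certificate requested)\n"
    "\t(Authenticated sender: huston)\n"
    "\tby mail.astro.princeton.edu (Postfix) with ESMTP\n"
    "\tfor <hus...@srhuston.net>; Thu, 9 Sep 2010 12:37:31 -0400 (EDT)\n"
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    "\tby mail.astro.princeton.edu (Postfix) with ESMTP\n"
    "Subject: constructed test message\n"
)


def apply_rule(header):
    """Return the REPLACE result for one logical header, or None if no match."""
    m = re.search(PATTERN, header, FLAGS)
    if m is None:
        return None
    # Expand $1..$9 from the captured groups, as a REPLACE action does.
    return re.sub(r"\$(\d)", lambda r: m.group(int(r.group(1))), REPLACEMENT)


def rewrite_block(raw):
    """Split a header block into logical headers and apply the rule to each."""
    # A line starting with whitespace continues the previous header, so the
    # rule sees each folded header as one string with its line breaks.
    logical = re.split(r"\n(?![ \t])", raw.rstrip("\n"))
    return [apply_rule(h) or h for h in logical]


if __name__ == "__main__":
    for header in rewrite_block(SAMPLE_BLOCK):
        print(header, end="\n\n")
```

Under these assumptions the rule matches the authenticated TLS header and drops the client host and IP captured in `$1`, while the header without "(using TLS" passes through unchanged.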