There were no recommendations so far, and I wonder if that means I do
have to write a before-queue content filter myself? Has nobody else yet
tried to remove headers from submitted e-mail before DKIM signatures are
added?
-------- Original Message --------
Subject: Re: Trying to use different header_checks depending on TCP port for
incoming mail
Date: Mon, 06 Sep 2010 11:29:28 +0200
From: Ralph Seichter <postfix...@seichter.de>
To: postfix-users@postfix.org
On 06.09.10 01:27, Wietse Venema wrote:
> There is an smtpd+cleanup server AFTER your content filter.
That is most likely a bad idea for my purposes. What I try to accomplish
is this:
A1: Have Postfix accept mail on port 587 from SASL-authenticated
clients only.
A2: Remove "Received:" headers to hide internal routing.
A3: Inject mail into amavisd-new for virus checks and DKIM signing.
A4: Re-inject signed mail into Postfix.
A5: Deliver mail to whereever.
B1: Have Postfix accept mail on port 25 from everybody else.
B2: Inject mail into amavisd-new for virus checks and spam checks.
B3: Re-inject checked mail into Postfix.
B4: Deliver mail via LMTP.
My current setup would break DKIM signatures by removing headers from
signed mail, so I guess I need some sort of before-queue filter as
described in http://www.postfix.org/SMTPD_PROXY_README.html ? Can you
recommend an existing software package capable of removing headers in
step A2 above, just like the line "/^Received:/ IGNORE" in a Postfix
header_checks(5) map would? I looked at http://bent.latency.net/smtpprox/
but I'd rather save the time of implementing a filter myself. Also, I
prefer well-tested code on a production server.
BTW, I am not trying to set up an open relay in step B1; there are of
course recipient checks etc.
-Ralph
