Le 29/12/2010 22:29, Phil Howard a écrit :
> On Wed, Dec 29, 2010 at 15:43, Victor Duchovni
> <victor.ducho...@morganstanley.com> wrote:
>> On Wed, Dec 29, 2010 at 03:33:43PM -0500, Phil Howard wrote:
>>
>>> As I understand header_checks, it removes only what is already in the
>>> message.
>>
>> The header_checks(5) code is implemented by cleanup(8) which processes
>> the message passed to it by smtpd(8). The "Received" header that
>> records the original client IP is added by smtpd(8) and is seen by
>> cleanup(8). Therefore, this header can be removed via header_checks(5).
>
> OK, sot it will apply to all headers after the instant one is added.
> Now the issue remains how to match the one just added and not others
> that existed before it
it will remove any header (including the one added by smtpd) that match
your regular expression.
you have two options:
1) do not remove this header in postfix. remove it outside (maildrop can
do this easily, as its matching only applies once, by default). or don't
remove it and adjust whatever program is using the headers.
2) remove it only for submitted mail (outbound mail). For this, you need
to separate mail flow: inbound vs outbound mail.
3) remove it for all mail, and accept the fact that it will also
disappear when it was added by external MTAs (or by spammers).
to reduce the risks of matching an externally added header, adjust the
helo name used by amavisd-new.
$myhostname = "somesecret.example.com"
and hope nobody will use that name...
then
/^Received: from somesecret\.example\.com \(localhost
\[127\.0\.0\.1\])\s+by yourpostfix\.example\.net \(Postfix\) with ESMTP id /
IGNORE
> ... even if those look exactly the same. In
> particular, I want to NOT remove any previous headers that try to
> mimic these headers. I want to ONLY remove the one being added. I
> want to be sure that any lookalikes that were in the original message
> are retained. Much of why I am doing this involves checking things
> like mimic headers. So the test that is needed is "was this header
> added by amavis or the 2nd smtpd that gets mail back from amavis,
> without considering the contents?".
>
There's no such feature.
you can do that artificially but it's plain ugly:
- before the filter, rewrite all Received headers:
/^(Received:.*)/ REPLACE X-MYSECRETHDRNAME-$1
- in after the filter, remove all Received headers (which is one header)
- pass mail through yet another smtpd which has a cleanup that rewrite
X-MYSECRETHDRNAME things back
/^X-MYSECRETHDRNAME-(Received:.*)/ REPLACE $1
>
>> By crafting the check to match exactly the correct header. The two headers
>> likely differ in detail. If necessary, you could set "mail_name" in the
>> downstream or upstream Postfix, so that header_checks(5) can tell the
>> two apart.
>
> Likely, they will differ. I'm sure the timestamps will. But I don't
> want to delete any headers that specify localhost, for example, even
> though that is something that could match one of the inserted headers.
> So I can't match on things like that.
>
>
>> This is not so difficult. Just a carefully crafted regular expression
>> is sufficient.
>
> It's not obvious to me given that content is not usable to match against.
>
