On 2/13/2012 9:49 AM, li...@coffeehabit.net wrote: > I have been trying this, but for some reason it does not work. I > assume the wrapping doesn't matter, since the lines are different > lengths depending on the recipient server. Below is postfix (IPs > redacted), Exchange gives longer lines.
not sure why you would be trying to match Exchange lines anyway... > > Received: from [100.100.100.100] (unknown [200.200.200.200]) > (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) > (No client certificate requested) > by mx.domain.tld (Postfix) with ESMTPSA id 6F60A73404D; > Mon, 13 Feb 2012 15:36:58 +0000 (GMT) > > Using Postfix 2.5.5-1.1+lenny1 (stock debian package). I have: > > /^Received: .*by (mx\.domain\.tld \(Postfix\) with > (ESMTPSA|SMTPSA|ESMTPA|SMTPSA).*)$/ REPLACE Received: by $1 Most likely reason is that your pattern doesn't match the input. Test patterns with postmap -q - pcre:/path/to/header_checks < /path/to/testfile Note that with postfix earlier than 2.6 you'll need to manually collapse multi-line headers before testing. With postfix 2.6 and newer you can use "postmap -hq - ..." to enable header query mode. If your pattern happens to cross a line break, you'll need to use "\s+" (pcre and some regexp libraries) or "[[:space:]]+" (universal; always works) instead of an actual space character. I don't think postfix will let you AUTH without using EHLO/ESMTP, so "SMTPA|SMTPSA" won't ever match. And if you require TLS for AUTH (which most places do), you'll never see ESMTPA. Or you could replace the whole thing with E?SMTPS?A And if you mangle the Received: header, you should rename it to X-Received: to keep spam scanners from penalizing you for an invalid header. -- Noel Jones
