On 12/11/12 14:10, Noel Jones wrote:
> On 12/11/2012 1:52 PM, brom...@lavabit.com wrote:
>> $ man 5 header_checks | less +/IGNORE
>>
>> This comment(0) says that it's better to use `content_filter', but I
>> haven't found its man page. Where can I find it?
>
> That's referring to an external content_filter; not part of postfix.
> The docs would be included with whichever content filter you
> picked. Kind of a useless suggestion, header_checks are quite
> capable of this.
>
>> I assume it's not a good idea to IGNORE all headers. Which can be
>> ignored?
>
> Make your header_checks rule as specific to the header you want to
> remove as possible, at a minimum specify the expected hostname and
> IP. It's important to not unintentionally remove other headers.
>
> Something like (all one line, beware wrapping):
>
> /^Received: .*\(host\.example\.com \[192\.168\.1\.100\]\)[[:space:]]+by server\.example\.com/ IGNORE
>
> As a general rule, removing headers is pretty useless. So another
> choice is to just close your eyes.
>
> -- Noel Jones

You could even avoid using IGNORE here altogether and just go with
REPLACE if you're trying to prevent an information leak (like revealing
a local IP). A lot of people use a quick REPLACE rule for SASL
authenticated clients to prevent leaking usernames or the user's IP
address. If you map those usernames or IP addresses to special values
that you then substitute into the header, you could even retain some
useful debugging information.
This question shows the general idea:
http://serverfault.com/questions/333176/remove-userid-from-recieved-header
-Will
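
The REPLACE approach discussed above, as an added example that is not from the thread or from Postfix itself: it builds one narrowly scoped rule that swaps a known internal hop for an opaque token, then checks it against constructed Received headers before it goes into header_checks. Assumptions: a `pcre:` table, the hypothetical token `hop-a1`, a `.invalid` placeholder name, and the helper names `make_rule` and `apply_checks`.

```python
import re

# Constructed values: the relay, IP and MTA name come from the rule quoted above;
# the token "hop-a1" and the .invalid placeholder name are assumptions.
MTA = "server.example.com"
HOPS = {("host.example.com", "192.168.1.100"): "hop-a1"}

def make_rule(host, ip, token, mta=MTA):
    """Build one header_checks (pattern, replacement) pair for a single known hop."""
    pattern = (r"^Received: .*\(" + re.escape(host) + r" \[" + re.escape(ip)
               + r"\]\)[[:space:]]+by " + re.escape(mta) + r"(.*)$")
    # $1 re-attaches the untouched tail (queue ID, recipient, date).
    text = f"Received: from {token}.invalid ({token}.invalid [127.0.0.1]) by {mta}$1"
    return pattern, text

def apply_checks(rules, header):
    """Emulate the table lookup: first match wins, other headers pass through."""
    for pattern, text in rules:
        py = pattern.replace("[[:space:]]", r"\s")  # Python re has no POSIX classes
        m = re.search(py, header, re.I | re.S)      # pcre_table defaults: i and s on
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), text)
    return header

RULES = [make_rule(h, ip, tok) for (h, ip), tok in HOPS.items()]

# Constructed sample headers (logical header lines, folding preserved).
TAIL = (" (Postfix) with ESMTP id 3YKq1x0ZzQ\n"
        "\tfor <user@example.net>; Tue, 11 Dec 2012 14:00:00 -0600 (CST)")
INTERNAL = ("Received: from host.example.com (host.example.com [192.168.1.100])\n"
            "\tby server.example.com" + TAIL)
# Same HELO name, different verified client: the rule must leave it alone.
SPOOFED = ("Received: from host.example.com (unknown [203.0.113.9])\n"
           "\tby server.example.com" + TAIL)
OTHER = ("Received: from mx.example.org (mx.example.org [198.51.100.7])\n"
         "\tby server.example.com" + TAIL)

if __name__ == "__main__":
    for pattern, text in RULES:
        print(f"/{pattern}/ REPLACE {text}")  # line to paste into header_checks
    for h in (INTERNAL, SPOOFED, OTHER):
        print(repr(apply_checks(RULES, h)))
```

Because the token stays stable per hop, the operator can still tell from a bounced or reported message which internal relay handled it.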