Not possible with header_checks. A milter /should/ be able to do this, but you'll have to do some research to find one. Maybe milter_regex is a possibility.
-- Noel Jones

On 3/23/2015 2:03 PM, Sebastian Nielsen wrote:
> Can it be done without a policy service or milter? E.g. with some
> header checks? Or maybe a configuration option?
>
> -----Original Message-----
> From: Noel Jones
> Sent: Monday, March 23, 2015 7:57 PM
> To: postfix-users@postfix.org
> Subject: Re: Add header with original IP?
>
> On 3/23/2015 1:20 PM, Sebastian Nielsen wrote:
>> How can I in postfix add a header with the original client IP (like
>> “X-Original-IP”), such as, it cannot be forged, e.g. any incoming mail
>> will have such headers stripped out, before Postfix adds its own.
>>
>> The intention of this header is to use it at a later processing step
>> for separating phishing mail from legit mail (using SPF), but the
>> check must be done after a heavy processing step for technical
>> reasons, thus I have to “save” the client IP in the header, then
>> process the mail through the heavy step, and then use the client IP
>> in authentication. For this reason, any such headers must be
>> stripped off first, so a fraudulent user cannot add one or more of
>> such a header to “forge” the SPF check.
>>
>> Or is there some way in a milter/macro to “read” off the XFORWARD
>> IP? I'm currently using {client_addr} but is there any other macro
>> that would “display” the XFORWARD IP?
>> I saw another suggestion to use XCLIENT, but postfix smtp doesn't
>> support XCLIENT in client mode.
>
> The client IP is already in the top-most Received: header added by
> postfix. Any header below that may be forged, but the top-most
> Received: header is added by your system and cannot be forged.
>
> If you want to add some extra header with that same IP, you'll need
> to use a policy service with the PREPEND action.
> http://www.postfix.org/SMTPD_POLICY_README.html
>
> -- Noel Jones
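The policy service with the PREPEND action that the thread points to, as an added sketch that is not code from either poster or from the Postfix project: it speaks the name=value request format described in SMTPD_POLICY_README over stdin/stdout and answers with a PREPEND of the connecting client's address. The header name comes from the question; the function names are made up for this example, and the script only adds a header, it does not remove same-named headers already present in an incoming message.

```python
import ipaddress
import sys

HEADER_NAME = "X-Original-IP"  # header name taken from the question in the thread


def parse_request(lines):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the policy action for one request."""
    try:
        # Validate before use so nothing but an IP literal reaches the header.
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"  # e.g. "unknown": add nothing, let other restrictions decide
    return f"PREPEND {HEADER_NAME}: {addr}"


def serve(stream_in, stream_out):
    """Answer requests until EOF; Postfix may send many on one connection."""
    while True:
        attrs = parse_request(stream_in)
        if not attrs:
            return
        # A reply is one action= line followed by an empty line.
        stream_out.write(f"action={decide(attrs)}\n\n")
        stream_out.flush()


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```
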