Jozsef Kadlecsik:
> Hi,
>
> What would be the best way to identify email which is forwarded to
> external addresses by .forward, procmail or sieve rules?
>
> We have control over the mail gateways which handle all incoming-outgoing
> traffic, but no real access to the internal servers where the forward
> rules may be entered.
>
> Add a specific header (e.g. X-Delivered-To) to the incoming email (it
> could be deleted, but let's ignore the possibility) and check it in the
> outgoing ones? What are the possibilities for false positives and
> negatives? Checking the Received lines looks harder and not a better
> approach.

Look at the top-level Received: header (the one that is added by Postfix on your gateway). That is definitive evidence that mail came from inside. Determining if it was forwarded requires some heuristics, because all the other content might be altered.

Wietse
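
An added example, not part of the original thread and not Postfix code: a gateway-side check that trusts only the top-level Received: header to decide that a message came from inside, then applies two heuristics (the marker header from the question, and an older Received: hop written by the gateway) to guess whether it was forwarded. The gateway name, internal network, local domain and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Assumed site values (hypothetical, not from the thread).
GATEWAY = "gw.example.org"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
LOCAL_DOMAINS = {"example.org"}
MARKER = "X-Delivered-To"  # header the gateway would add to inbound mail

# Postfix records the connecting client as "(hostname [address])".
CLIENT_RE = re.compile(r"\(\S+ \[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")

def classify(raw, rcpt):
    """Classify one message leaving the gateway for envelope recipient rcpt."""
    msg = email.message_from_string(raw)
    # Unfold each Received: header; index 0 is the newest (top-level) one.
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    m = CLIENT_RE.search(received[0]) if received else None
    ip = ipaddress.ip_address(m.group(1)) if m else None
    from_inside = ip is not None and any(ip in net for net in INTERNAL_NETS)
    external_rcpt = rcpt.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS
    if not (from_inside and external_rcpt):
        return "not-outbound"
    # Heuristics only: everything below the top Received: may have been altered.
    marked = msg.get(MARKER) is not None
    seen_before = any(f"by {GATEWAY} " in r for r in received[1:])
    return "likely-forwarded" if marked or seen_before else "originated-inside"

# Constructed sample: inbound mail that an internal server forwarded back out.
SAMPLE = (
    "Received: from mail.int.example.org (mail.int.example.org [10.1.2.3])\n"
    "\tby gw.example.org (Postfix) with ESMTP id 4F1A2\n"
    "\tfor <user@elsewhere.example>; Mon, 1 Jan 2024 10:00:05 +0000 (UTC)\n"
    "Received: from gw.example.org (gw.example.org [10.0.0.1])\n"
    "\tby mail.int.example.org (Postfix) with ESMTP id 9C3D4\n"
    "\tfor <user@example.org>; Mon, 1 Jan 2024 10:00:03 +0000 (UTC)\n"
    "X-Delivered-To: user@example.org\n"
    "Received: from mx.sender.example (mx.sender.example [192.0.2.10])\n"
    "\tby gw.example.org (Postfix) with ESMTP id 1B2C3\n"
    "\tfor <user@example.org>; Mon, 1 Jan 2024 10:00:01 +0000 (UTC)\n"
    "From: alice@sender.example\nTo: user@example.org\nSubject: hello\n\nbody\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE, "user@elsewhere.example"))
```

If an internal rule strips both the marker and the older Received: lines, the message is reported as originated inside (a false negative); a message an internal user deliberately resends with its headers intact is reported as forwarded.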