On Sun, Sep 13, 2020 at 10:17:16PM +0200, Zsombor B wrote:
> I started some investigation and found this:
> - for years now, because of reasons I put an extra header to all
> outgoing emails (with header_checks and PREPEND)
When Postfix *prepends* a header, the header is placed at the top of the
message, above all other headers (including the locally added Received
header).
> - I have tested again and "normal" incoming emails (spam & ham) don't
> contain this extra header just outgoing mails so this works fine
You really can't depend on inbound mail not containing a particular
header. If you want separate processing for inbound and outbound mail,
add a header that signals that mail *is* external when it comes from
outside, rather than add an easily forged header that mail is internal
when it arrives from inside. Or better yet, don't cross the streams,
run inbound and outbound mail through entirely separate filters.
> is an "external" IP and hostname in the "Received: from" header) this
> extra outgoing header ("X-Original-Outgoing-Mail") can be seen in the
> mail headers as it was sent out from my server
>
> The whole mail header can be found here: https://pastebin.com/UVK3d2V8
> (there's nothing special in it, except there is no rspamd invoked).
But it was not at the top of the message headers! Unless the message
headers got reordered along the way, this header was NOT prepended by
Postfix.
--
Viktor.
