
Re: Stripping Received: headers

  • Geoff Shang
    Message 1 of 16, Apr 12, 2013
      On Fri, 12 Apr 2013, Wietse Venema wrote:

      > You need to do "postfix reload" after editing master.cf.

      I did. I did it again for good measure - no difference.

      > The submission_cleanup service will see the Received: header that
      > was prepended by the submission server.

      Is there any way I can be sure that the special cleanup agent is running?
      I see the socket /var/spool/postfix/public/submission_cleanup

      > However, if your Milter adds headers then those aren't seen by
      > header_checks; you would need to use milter_header_checks.

      We don't appear to be using any milters, despite the
      'milter_macro_daemon_name=ORIGINATING'

      Here's what I did in case I messed up:

      master.cf:

      # service type  private unpriv  chroot  wakeup  maxproc command + args
      #               (yes)   (yes)   (yes)   (never) (100)
      # ==========================================================================
      smtp      inet  n       -       -       -       -       smtpd
      submission inet n       -       -       -       -       smtpd
        -o smtpd_enforce_tls=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o milter_macro_daemon_name=ORIGINATING
        # Use a special cleanup service so we can strip headers.
        -o cleanup_service=submission_cleanup

      smtps     inet  n       -       -       -       -       smtpd
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o milter_macro_daemon_name=ORIGINATING
        # Use a special cleanup service so we can strip headers.
        -o cleanup_service=submission_cleanup

      submission_cleanup unix n -     -       -       -       cleanup
        # Strip Received: lines from authenticated mail
        -o header_checks=pcre:/etc/postfix/header_checks



      /etc/postfix/header_checks:

      # Remove any Received: headers from authenticated mail.
      /^Received:/ IGNORE



      An example message. The line is matched if I run it through postmap.
      Some details have to be obscured, sorry. I'm on holiday so I'm not
      worried about letting the hostname through, you can all get it from my
      headers anyway. Obviously I'm not posting from my work address.

      Return-Path: <my.address@...>
      X-Original-To: my.address@...
      Delivered-To: my.address@...
      Received: from [192.168.0.20] (dsl-mlibrasgw2-50de1c-161.dhcp.inet.fi [80.222.28.161])
              by mail.example.com (Postfix) with ESMTPSA id DED281C40E9
              for <my.address@...>; Fri, 12 Apr 2013 14:35:47 +0000 (UTC)
      Date: Fri, 12 Apr 2013 17:35:44 +0300 (EEST)
      From: Geoff Shang <my.address@...>
      X-X-Sender: geoff@...
      To: my.address@...
      Subject: test
      Message-ID: <alpine.DEB.2.02.1304121735310.14582@...>
      User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
      MIME-Version: 1.0
      Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

      Geoff.
    • /dev/rob0
      Message 2 of 16, Apr 12, 2013
        A word at the outset here: I predict this will come back to bite you
        in a most painful way. As Noel suggested, you're going to run afoul
        of some clueless spam checks. Some years back I know that Hotmail/MSN
        actually *discarded* such mail silently!

        Note also that Postfix itself uses Received: headers as a protection
        against mail loops. Let's hope you don't get a loop going!

        On Fri, Apr 12, 2013 at 05:49:47PM +0300, Geoff Shang wrote:
        > Is there any way I can be sure that the special cleanup agent
        > is running? I see the socket
        > /var/spool/postfix/public/submission_cleanup

        It's running. To see what it does:

        > master.cf:

        > submission_cleanup unix n - - - - cleanup
        > # Strip Received: lines from authenticated mail
        > -o header_checks=pcre:/etc/postfix/header_checks
        -o syslog_name=postfix/submission/cleanup

        Every non-default service should have its own syslog_name to enhance
        your log searches.

        > /etc/postfix/header_checks:
        >
        > # Remove any Received: headers from authenticated mail.
        > /^Received:/ IGNORE
        /./ WARN

        That might get too noisy in the logs, but at least you will know your
        alternate cleanup service is being used.
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
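
Added example, not written by any poster in this thread: a small Python check that reads master.cf the way its format is documented (a line starting with whitespace continues the previous entry) and confirms that each `cleanup_service` override points at a `cleanup` entry carrying `header_checks` and the `syslog_name` suggested above. The function names and the sample text are constructed for illustration, and only the `-o name=value` form is handled.

```python
# Constructed sample modelled on the thread's master.cf; not a real server's file.
SAMPLE = """\
smtp       inet n - - - - smtpd
submission inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  # Use a special cleanup service so we can strip headers.
  -o cleanup_service=submission_cleanup
submission_cleanup unix n - - - - cleanup
  -o header_checks=pcre:/etc/postfix/header_checks
  -o syslog_name=postfix/submission/cleanup
"""

def parse_master_cf(text):
    """Map (service, type) -> {"command": ..., "overrides": {...}}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are skipped
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = line.split()
        if len(fields) < 8:  # an unindented "-o ..." line ends up here
            raise ValueError(f"not a complete service entry: {line!r}")
        args, overrides = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                key, val = value.split("=", 1)
                overrides[key] = val
        services[(fields[0], fields[1])] = {"command": fields[7], "overrides": overrides}
    return services

def check_cleanup_overrides(services):
    """Return a list of problems with cleanup_service overrides (empty if none)."""
    problems = []
    for (name, _type), svc in services.items():
        target = svc["overrides"].get("cleanup_service")
        if target is None:
            continue
        entry = services.get((target, "unix"))
        if entry is None or entry["command"] != "cleanup":
            problems.append(f"{name}: cleanup_service={target} has no cleanup entry")
            continue
        for wanted in ("header_checks", "syslog_name"):
            if wanted not in entry["overrides"]:
                problems.append(f"{target}: missing -o {wanted}")
    return problems
```

To check a live system, pass the contents of `/etc/postfix/master.cf` to `parse_master_cf`; `postconf -M` prints the entries as Postfix itself parsed them.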
      • Wietse Venema
        Message 3 of 16, Apr 12, 2013
          Geoff Shang:
          > On Fri, 12 Apr 2013, Wietse Venema wrote:
          >
          > > You need to do "postfix reload" after editing master.cf.
          >
          > I did. I did it again for good measure - no difference.

          Are you using receive_override_options? in main.cf or master.cf?

          Wietse
        • Geoff Shang
          Message 4 of 16, Apr 15, 2013
            On Fri, 12 Apr 2013, Wietse Venema wrote:

            > Geoff Shang:
            >> On Fri, 12 Apr 2013, Wietse Venema wrote:
            >>
            >>> You need to do "postfix reload" after editing master.cf.
            >>
            >> I did. I did it again for good measure - no difference.
            >
            > Are you using receive_override_options? in main.cf or master.cf?

            No.

            Geoff.