On 5-Mar-2009, at 19:15, Noel Jones wrote:
Oh, and recent postfix marks authenticated headers; note the
ESTMPSA. S = StartTLS, A = Authenticated
Received: from [192.168.5.108] (adsl-19-247-14.bna.bellsouth.net
[68.19.247.14])
by mgate2.vbhcs.org (Postfix) with ESMTPSA id BAF4A797A6A;
Thu, 5 Mar 2009 20:09:39 -0600 (CST)
That is very cool, I didn't know that. Of course in my case we're not
using TLS, so the header has ESMTPA, but still, quite useful.
a regexp something like
/^(Received: .* myhostname \(Postfix\) with ESTMPS?A .*)$/
REPLACE X-$1
should do the trick.
I really like that, there's all sorts of possibilities here. Would it
be bad to strip out the IPs (usually local/private) from these headers?
/^(Received: from )\[\d\d?\d?\.d\d?\d?\.d\d?\d?\.d\d?\d?\](.*
myhostname \(Postfix\) with ESMTPS?A .)$/
REPLACE X-$1"[internal LAN]"$2
/^(Received: from [^\[].* myhostname \(Postfix\) with ESTMPS?A .*)$/
REPLACE X-$1
??
I'm thinking that cleanup is called for all messages, which is why you
would only want this on a submission port and not just on the regular
cleanup service. Although the "Received: from [ip.ip.ip.ip]" form
never shows up on external mail since bare-ip mailservers are banned
anyway.
--
<Athene> we all have our moments when we lose it
<Slyspy> the key is though, to conceal the evidence before the police
arrive
