LuKreme wrote:
On 5-Mar-2009, at 19:15, Noel Jones wrote:
Oh, and recent postfix marks authenticated headers; note the
ESTMPSA. S = StartTLS, A = Authenticated
Received: from [192.168.5.108] (adsl-19-247-14.bna.bellsouth.net
[68.19.247.14])
by mgate2.vbhcs.org (Postfix) with ESMTPSA id BAF4A797A6A;
Thu, 5 Mar 2009 20:09:39 -0600 (CST)
That is very cool, I didn't know that. Of course in my case we're not
using TLS, so the header has ESMTPA, but still, quite useful.
... which is why the sample expression is ESTMPS?A, ie. the S
is optional.
a regexp something like
/^(Received: .* myhostname \(Postfix\) with ESTMPS?A .*)$/
REPLACE X-$1
should do the trick.
I really like that, there's all sorts of possibilities here. Would it
be bad to strip out the IPs (usually local/private) from these headers?
/^(Received: from )\[\d\d?\d?\.d\d?\d?\.d\d?\d?\.d\d?\d?\](.* myhostname
\(Postfix\) with ESMTPS?A .)$/
REPLACE X-$1"[internal LAN]"$2
/^(Received: from [^\[].* myhostname \(Postfix\) with ESTMPS?A .*)$/
REPLACE X-$1
??
I'm thinking that cleanup is called for all messages, which is why you
would only want this on a submission port and not just on the regular
cleanup service. Although the "Received: from [ip.ip.ip.ip]" form never
shows up on external mail since bare-ip mailservers are banned anyway.
This should be safe to use on all mail - no need for a special
cleanup-submission with different header_checks. It should
only match on authenticated mail to your server.
If you don't want the original IP to show, it's probably
better to just remove that part rather than putting a fake IP
there. Easy to do by just moving the first parenthesis,
something like
/^Received: .* (myhostname \(Postfix\) with ESTMPS?A .*)$/
REPLACE X-Submitted to $1
That way you at least keep the original QUEUEID.
-- Noel Jones
